Overview

overview

10

Static

static

4

lummastealer.7z

windows7-x64

7

lummastealer.7z

windows10-2004-x64

10

lummasteal...WS.pdf

windows7-x64

3

lummasteal...WS.pdf

windows10-2004-x64

3

lummasteal...in.pdf

windows7-x64

3

lummasteal...in.pdf

windows10-2004-x64

3

lummasteal...ta.pdf

windows7-x64

3

lummasteal...ta.pdf

windows10-2004-x64

3

lummasteal...ts.pdf

windows7-x64

3

lummasteal...ts.pdf

windows10-2004-x64

3

lummasteal...ng.pdf

windows7-x64

3

lummasteal...ng.pdf

windows10-2004-x64

3

lummasteal...ve.pdf

windows7-x64

3

lummasteal...ve.pdf

windows10-2004-x64

3

lummasteal...te.pdf

windows7-x64

3

lummasteal...te.pdf

windows10-2004-x64

3

lummasteal...te.pdf

windows7-x64

3

lummasteal...te.pdf

windows10-2004-x64

3

lummasteal...ce.pdf

windows7-x64

3

lummasteal...ce.pdf

windows10-2004-x64

3

lummasteal...ne.pdf

windows7-x64

3

lummasteal...ne.pdf

windows10-2004-x64

3

lummasteal...on.pdf

windows7-x64

3

lummasteal...on.pdf

windows10-2004-x64

3

lummasteal...ls.pdf

windows7-x64

3

lummasteal...ls.pdf

windows10-2004-x64

3

lummasteal...ep.pdf

windows7-x64

3

lummasteal...ep.pdf

windows10-2004-x64

3

lummasteal...gs.dll

windows7-x64

1

lummasteal...gs.dll

windows10-2004-x64

1

lummasteal...es.dll

windows7-x64

1

lummasteal...es.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lummastealer.7z

  • Size

    20.9MB

  • Sample

    241206-gr1bcszjcr

  • MD5

    df9957243afdd11725b5f7e454b179aa

  • SHA1

    bd856ebe241d3f0514b16d0a7fa1c9ab0cd47f53

  • SHA256

    826e787cd4449d9814fa273d34c701390baa7deff4d472c9e6487170e8567d1e

  • SHA512

    1e755334095fc60a1f3f5185a102e55cef32e8a096097e5ed0a991d97137f159d782ac2b8e541351a8e79686f2dc23a7ba6de8b1389174059f6f4f1a86000885

  • SSDEEP

    393216:2Yvlm/SBCPubqLpP/iFAC+DyGNu9jIjGjlFb43369OBR2u8es7mdNYq4MXqfamrs:k6B2uuLpiVJkSjbH4euZs7mbqwf

Score
10/10
lummadiscoverylinkpdfstealer

Malware Config

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

Extracted

Family

lumma

C2

https://se-blurry.biz/api

https://zinc-sneark.biz/api

Targets

    • Target

      lummastealer.7z

    • Size

      20.9MB

    • MD5

      df9957243afdd11725b5f7e454b179aa

    • SHA1

      bd856ebe241d3f0514b16d0a7fa1c9ab0cd47f53

    • SHA256

      826e787cd4449d9814fa273d34c701390baa7deff4d472c9e6487170e8567d1e

    • SHA512

      1e755334095fc60a1f3f5185a102e55cef32e8a096097e5ed0a991d97137f159d782ac2b8e541351a8e79686f2dc23a7ba6de8b1389174059f6f4f1a86000885

    • SSDEEP

      393216:2Yvlm/SBCPubqLpP/iFAC+DyGNu9jIjGjlFb43369OBR2u8es7mdNYq4MXqfamrs:k6B2uuLpiVJkSjbH4euZs7mbqwf

    Score
    10/10
    discoverylummastealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      lummastealer/Data/Media/NEWS.pdf

    • Size

      475KB

    • MD5

      951af7e5c9f8649aba87836b7e0a5bc6

    • SHA1

      461a9f335c280bde86169123a7a6a52e78f29772

    • SHA256

      37c0c814257d592cdc9fa4f65981a5de73011e1394d193b23968ca0f75f3121f

    • SHA512

      26beb3339e2f72ad5433d7ff4f138fad494ae6225999089f6c4510d46d291d1bb53573e6f798d9a20fdffa6936e4a6fa95b6ec0a4fa1a51cc379d25f0a91bd0e

    • SSDEEP

      12288:puZbEcShGrMZS3lglOSZ/ApESaKT/fRSkgdwW:s1ohCFglOSZ/WESaQRSk0

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      lummastealer/Data/Media/R-admin.pdf

    • Size

      649KB

    • MD5

      04a7d083b6bd70dcd87053b89c9984b0

    • SHA1

      b2758b76c12c7652ee5af25e8bffd69e4d1076f9

    • SHA256

      ab8af3e5103ce93abd1d2edafa6da16dfbe2bc8f850da5d013394ccabea8d9be

    • SHA512

      66b1dc76dd2a36184b6d84fafc7d2dcb2f4f285861e331e1047a8257f8f547265ba6d2980c079e85fc8e45a67d16129b48ec62d4b56a28157b8e3e08fb0012a4

    • SSDEEP

      12288:wWNz973x51JdzGakA6xfMmyJKHA+fmoiRCSqc/7C6:wU97B/LCO6pMwHdmRRChc/G6

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      lummastealer/Data/Media/R-data.pdf

    • Size

      391KB

    • MD5

      4914945ae5b3ef54b8940d02c364e4c8

    • SHA1

      32fbdf74a8957aee2f07d1a3c346e6fce45eb2f8

    • SHA256

      0b0a67c922342dfbfacefa6e2f9fdd8b15ea79f8cb10f45de72dd3c40d0a537b

    • SHA512

      1b54d686ef91171b3c0f554019d478d20983c07255f094ace19f84ff2e6ac933f60aed651a713d8012727b04b7f9e4044ecca294fdf8c429b4ac56746467e3be

    • SSDEEP

      6144:7Y9eLt16cqXNF9M6W6D+HF0BlpV8d3GdRFHzdZOtCEJhxnVm:7YGLF8F9M6W6DR63IzdZMm

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      lummastealer/Data/Media/R-exts.pdf

    • Size

      1.4MB

    • MD5

      6ea8704939c2c332a97db8fb0a2195f6

    • SHA1

      faeb7c0f79be70006a6e3921efca3d6f2b4eafea

    • SHA256

      98ff89550637046703c14bf824652aa26fe5466e91ed418c3a69dd3e4f235297

    • SHA512

      c9599c64aaab06d2233f802f0c15735c3f59328a8fcc8d261b6c587e82134ca44004da042f088a926ba228342d3af915566e6bd0b184090ff34e7045f8238d95

    • SSDEEP

      12288:4g4uUhjUsCn2qpnqSK91KP/VwxATXN7e4r4htlLURwC1JxeI0rVkejNfDWdRXlTA:4nVUsOpK9Ly7lrEbQF0rVhfDWdxlYH

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      lummastealer/Data/Media/R-lang.pdf

    • Size

      505KB

    • MD5

      22fdca1c53fac4533531a436db6d729d

    • SHA1

      87a6086a6bac5d9ef8b4821d847309ae87277104

    • SHA256

      f6f7bd9bf814b1bfcc77f68cd50324b33fea0f83f81e9eaf3abfc8c1d6c6cdf6

    • SHA512

      d3cad3b76668a71edafeb2ee4f187a4b522f8ed7a60b48c67b477d433f37513341389740405925dc616a3c69dace490c6dd012f82b5074193fa75882344efc1c

    • SSDEEP

      6144:9xz4b36Bs8cz0NgGFHlge16mHrO9TyqVveVRkmX9Wllqv0N47utumruF4rS:9xiq0ske1nLO9PqYllJ47uCF4+

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      lummastealer/Data/Media/Sweave.pdf

    • Size

      165KB

    • MD5

      03cb3c2977e0177583a9974d89810819

    • SHA1

      1380f9d3ea38933526876228a59ab24c95d4867f

    • SHA256

      f73ea9db458a1646cc5c45bef267aa7b293bb54f3aa8a78d6f0929129ebeb4d6

    • SHA512

      7c6e6263ffd2a5f79cf4cb086ee3436074e0e3ad9cc43ef33ce1d11ca1f8f85b1fd367b2f0947ff27dbb91bc8318214b012fd50ee8d647341e00bfbe57998217

    • SSDEEP

      3072:G7HIfctgjS2/f3vhljwCB3i5XBjF/vcnQfIvc5izgJ2AavOVYNXCJHnUYsrK8nus:GHIfcAx3fT7B3i5Rp5Wc5ip5vOVQXQL0

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      lummastealer/Data/Media/approximate.pdf

    • Size

      59KB

    • MD5

      55c89b1f20b11e702d840cbf4574b742

    • SHA1

      2f433886be63eb9d5d0b8eca6ecb6256c33cfd17

    • SHA256

      66b1e32463ea3a105cc89eff3cefd4cb3bd8560ac4690bb0ab5f3ae562890edf

    • SHA512

      354f4b526f95df1334e527840e5b99568a4051e5e1272e1e2ce6adb280bcb0538b10b50c72b04d68850b244d6c2f3cda1ed216ac9f3c0621ae1f54d6c15eba3b

    • SSDEEP

      1536:0H0KvhS8/tdlNXeVt5Aj+oaKcYsxh+inG:U0KvhZtdlNOVtL1uiG

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      lummastealer/Data/Media/compete.pdf

    • Size

      288KB

    • MD5

      04b4784201699e30830a56fd900000ca

    • SHA1

      6036b4730837e180cbab31552045642dd54cb8c7

    • SHA256

      4569778d4d10719964e067f502e949a64243e13ea45c89e1c69a89d038613dda

    • SHA512

      84c7ec38722032c027b3f73bd815d61f61138365a6e6913f74e0ed4434108009a1d4d352f1c5504fe9830f8dae67b6b8a9939f88a99d87b78fab8c84db6ac3a6

    • SSDEEP

      6144:HKNeMbv5K4Mb8Nn7abZoDtR1K+DW+ss6a637cjUz5Lph:HLMbv5K4MbY7SZoBR1K+DZdJ63IjUzhP

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      lummastealer/Data/Media/concordance.pdf

    • Size

      307KB

    • MD5

      39b8003af55644376fdc08c7e9cf03d4

    • SHA1

      2653c4d37847538ee9a35b4e65d925fe35e66322

    • SHA256

      b07bf7ff7308a79260fc2e76dbe0e9ea1c9a14316aa07e35059ba25b1e875a91

    • SHA512

      d05d1a0d1360cc3b52b6b9ca0ca901e4a72500d79d4f18674c827bcfa6528bc7406ec1a03eb3c6895e0aa4b1d7b3e1bf1edc9db4ec5440d7e47ac042c3bfcc72

    • SSDEEP

      6144:rurJeeKVjsEbId9ACcZJXkFvPejnl76FPLcvFk6kybzhInFnco:roee8j/8ZcjXkBPebl7MPLeJhInFco

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      lummastealer/Data/Media/moveline.pdf

    • Size

      28KB

    • MD5

      4c3353b3ec2fd9156cc61a9c19a7de98

    • SHA1

      ccecc3c74551f900679ea51ca146df10ff299057

    • SHA256

      352d609b3be9a7e3ccc2c19b872bc1b34d2de33d3831ad57aaa5a198b46b137e

    • SHA512

      6c81f1360e0347173279215bd3433f917b4d67a4a232e3285b28ce19cdd67f94c658ac1951706a11a1eb2bd72f7873458c824dcfc13d8abca181fba52590b36c

    • SSDEEP

      768:lYQs1hINMceFqi6hrPwG50tITP3k5TJhLsmGt/kSFiC:xmqN9lkITqJZsmwVd

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      lummastealer/Data/Media/population.pdf

    • Size

      285KB

    • MD5

      ff01321dd785764e66f0f5fdf822933f

    • SHA1

      f1814fb3eddfa0c446e6f8441116b2a21800001e

    • SHA256

      bf40dc915a41dcb0d87c43134e9eef8756c72b59e4183d3dc19227b536bc1a7d

    • SHA512

      31bf1e85d9a7cc8cf071e0744f506d1539edebeb4f6928ea4b33612a6d3d3f2fe253a52284039550e7acbcb91b1dbae84228cebfb8091a238bff0648aaa7174c

    • SSDEEP

      6144:3fXZgmpaBVWVfPHYRsQN0HRm64F8ANTfGE1oOV:3fXSmpkoVXY3SHRcl71oOV

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      lummastealer/Data/Media/sparseModels.pdf

    • Size

      101KB

    • MD5

      342f3584b1e934146d8d45166f0a8dc0

    • SHA1

      034b90e9e2740132a973359b190a2bbbdfd86f03

    • SHA256

      0471ffeeed893f18222185c4c2a689aef7c3e67146a77ff5aedb5f4374ddfa59

    • SHA512

      9e9a284ba95922b8789e62c0e6c44061bfaba49576e75e11d7094038600f7cae2600e6970b8e69b78fb99e3ef90e626e6ece1a6cce6f99501bd4815ebe118ffd

    • SSDEEP

      3072:oTgu7RooibIRkPKELh9O7hv+3McpFsUba3QExZ:oTRvi+qHh9TTsUb0H

    Score
    3/10
    discovery
    behavioral25behavioral26

    • Target

      lummastealer/Data/Media/timedep.pdf

    • Size

      287KB

    • MD5

      73bd20d33d5226f435d4a555a6aae44d

    • SHA1

      631492d94bc2cd51026d6e2d55ce6c8109539284

    • SHA256

      3643ca67fe1e19e0bd5f740f69efdd3bd00b0fcfea378da0bebd2022fd1028d1

    • SHA512

      6b39d0020a66cb4a9d3c53e66219cfb30a0e704ff5bbaecc4f5af76b0c8362df8a43f2052518c8c58ac31268d103b059b6b2e20cb530076b134019762d950855

    • SSDEEP

      3072:eC8j2od8kC3CE3gaNxjcMcLLJkqVrgeGIykJIfwd7NGzC0HbQ4wtyUXxTOJfQT2x:j0lG/fqVrgSbJ9l4zztLgxTO/WKO4SG

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      lummastealer/Data/Microsoft.VisualStudio.CMake.CMakeSettings.dll

    • Size

      259KB

    • MD5

      58c4ead402a01b383b5f3ee49f91ea8e

    • SHA1

      a6a23753c9773be3dee8632234bb72911b68396e

    • SHA256

      11b59ed70b235ad8101fa4511d0684054260cb018559733b72540002b999191d

    • SHA512

      395bbe2a3b3d236c2b18699c9288e8e3a6a53f0afd0ec0bb87090d2f3cfb047f12e695204a03f01f810c5aeebaafb337b328377b9c76a718e538065a420be854

    • SSDEEP

      3072:g/0ObuETOkVNKnc3zXtH19ariqVvelkS9AbcTVg13VVkyFOX9M:erKoV9ariqVgyYt2

    Score
    1/10
    behavioral29behavioral30

    • Target

      lummastealer/Data/Microsoft.VisualStudio.LanguageServices.TypeScript.resources.dll

    • Size

      272KB

    • MD5

      337931d5dd5cdcee396e4880c6256429

    • SHA1

      0c15647ca50a9556ac3b06b5ff2552aace00877d

    • SHA256

      e5e076e14182227c6d853735b77d1e92cf81bd3b91009b3b788af94fad158456

    • SHA512

      d51b70e01f6698c2113da683cf68d2cb32f8835597e8dc236a5ae0708292b1a956bf36d435772612f5ccc98b980c7ba2ad8ff5b2865f3a9deca912002ffb10af

    • SSDEEP

      3072:ri18tZ1iUskbPPzvlNZibMYFsIs6zEoOLtJDLimdOmaLC/+ShMY+pjYl7ho/cGxx:ry5M9PITV+x8e4pYmsq

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

pdflink
Score
4/10

behavioral1

discovery
Score
7/10

behavioral2

lummadiscoverystealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10