lumma | 2d08a4f89cc9e39228937658aa2f51e85ef9d3dfac6fe4ff4f17ff34d8ec578e

General

Target

2d08a4f89cc9e39228937658aa2f51e85ef9d3dfac6fe4ff4f17ff34d8ec578e.zip
Size

4.3MB
Sample

241220-d6fzgsyjhv
MD5

261cab2d917ef98cb9db5d04df395ffe
SHA1

8690e113408d59866a313ed63fb4d4a5776b500f
SHA256

2d08a4f89cc9e39228937658aa2f51e85ef9d3dfac6fe4ff4f17ff34d8ec578e
SHA512

1e8a0e34c46d5b8a86ee48ec162bf3573386a2d5ed2dd59f2ffdd34b03644110b0ff7ac6ae1956374bb9a19e396b6dc8a35ebcb94cbbefa2f244a5af15f2dadb
SSDEEP

98304:rYk988/Ot4Mk60RZ43vhkAkg4bcvpOnvQo:rYT4MfX3yrg4boqQo

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://preside-comforter.sbs/api

https://savvy-steereo.sbs/api

https://copper-replace.sbs/api

https://record-envyp.sbs/api

https://slam-whipp.sbs/api

https://wrench-creter.sbs/api

https://looky-marked.sbs/api

https://plastic-mitten.sbs/api

Targets

- Target
  
  FieroHack.exe
- Size
  
  841.6MB
- MD5
  
  9722d2c34d0ec7171331183c43bc8ea1
- SHA1
  
  cdea5a07278bd60e905782b9a55b28544bb2123b
- SHA256
  
  f1dae00c68bf6d4b583bad5812d0776ea3abfaacc3876439f078caa3584455c8
- SHA512
  
  e9b96afb6012fb037aaa3a8563a7f57b2e57e4e4e5111c10e9aa2e69181196594198ad320950d57bc265e9b2ac733fe7749cb738645ceab1e14ca49e132d2225
- SSDEEP
  
  98304:zSYl+O1E/Uo8EoT9AfvDm+CIUzwNhpVCrQ:zS7Uo/bfyhIUziIrQ
Score

10^/10

lumma discovery stealer xmrig evasion execution miner persistence upx
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2