lumma | 1db1a4c253278293c863dff9759c6577f1b6b5b8f69ac0c612338453eeea96d9

General

Target

R3nz_Loader.exe
Size

689KB
Sample

241229-2h8atsyphl
MD5

b43d8eca7777b170ddc40a824ab10bb6
SHA1

a7da0bbde621a7df3489b394ee4e5cea963225e6
SHA256

1db1a4c253278293c863dff9759c6577f1b6b5b8f69ac0c612338453eeea96d9
SHA512

54c6ec0681b7e67782c4d142450f84bef5129c4cfa4dfbd70edc63bd3385d8cc9277cdfbcf2c3a8f6c5cb49b9252eb8c46984a65164164886b805e084e6bbb55
SSDEEP

12288:ENvwXTkEVI9HBoDWupxGsFITxLmIJpCbp4/MLq/xgtQS7iBDgCL+ZNNzloh3LouP:ENoXQEV2hozxG0c0bp2Y4oQSW

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

C2

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  R3nz_Loader.exe
- Size
  
  689KB
- MD5
  
  b43d8eca7777b170ddc40a824ab10bb6
- SHA1
  
  a7da0bbde621a7df3489b394ee4e5cea963225e6
- SHA256
  
  1db1a4c253278293c863dff9759c6577f1b6b5b8f69ac0c612338453eeea96d9
- SHA512
  
  54c6ec0681b7e67782c4d142450f84bef5129c4cfa4dfbd70edc63bd3385d8cc9277cdfbcf2c3a8f6c5cb49b9252eb8c46984a65164164886b805e084e6bbb55
- SSDEEP
  
  12288:ENvwXTkEVI9HBoDWupxGsFITxLmIJpCbp4/MLq/xgtQS7iBDgCL+ZNNzloh3LouP:ENoXQEV2hozxG0c0bp2Y4oQSW
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2