lumma | 62af490e0c16ad25316e36dfc6d7afc82d6496e33d7b4ff3839685096a0e78db | Triage

Sharing

General

Target

AquaPac v1.2.zip
Size

65.7MB
Sample

241229-2m3wxayrbl
MD5

e0c8235dc9e4b4f42ab5498aae088016
SHA1

96412922bd6bbd0297c426f5ff0b7992372e7e84
SHA256

62af490e0c16ad25316e36dfc6d7afc82d6496e33d7b4ff3839685096a0e78db
SHA512

b10288af31f8ad694838ad4dc39cb1c392d606a877660ec1091a987967148f6e55da3cb6a1bd0495b4e59d8aff30ba5d6f9b9410897a640072ad66794d734d0d
SSDEEP

1572864:sFq4e1MhUyoAoya1r90m9ykgA27QI4SAqHb9I8z9I0E4Lz53xjD:OeNZAo512mIkgAsQ4Hb9OgN3xjD

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  AquaPac v1.2/AquaPac.exe
- Size
  
  1.1MB
- MD5
  
  609acb4f45e7e7692dfedaee6c2854ad
- SHA1
  
  cd297298395ceb03f27c4f38e6e99c0deb6df88c
- SHA256
  
  e56496d1737c356ed7feacebe0daaf34781975fcae1fbd368cb5a7b2c2a1eae3
- SHA512
  
  67d3dc5399453a3a90c7af014542c60b93b41bbe00fcbcf4b18434e4011c400f7da1868d8865f629c7e2df7b2b9b11a3d52a004e7b139635ae1bd20becb648a4
- SSDEEP
  
  24576:+DJMEy2UJyOqKbUbnGfiBc8EFuoThlhZCq4ktw7:+Ny9qKbWnGC+FzThlhEqZtw
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

behavioral3

lummadiscoverystealer

behavioral4

lummadiscoverystealer