lumma | bcd89261e8260d0498651bcf52a817cc6221c0c39e96c262d22c5006bff8894a

Resubmissions

07-01-2025 18:54

250107-xkezvawjdn 10

07-01-2025 17:04

250107-vk9s4s1rhn 10

29-12-2024 00:57

241229-ba8nhsxlaw 10

Sharing

Copy URL

Twitter E-mail

General

Target

griefinsight.t.me.bin
Size

36.4MB
Sample

241229-ba8nhsxlaw
MD5

ccdff4b1fcc7f0bf1fee65fe759c2f63
SHA1

ab65ccb587e236a4efd13ed53da340cfc5390e5f
SHA256

bcd89261e8260d0498651bcf52a817cc6221c0c39e96c262d22c5006bff8894a
SHA512

2105b211bab0fb3778cbc8dcef757c937f65a5a1bb41233be902966ac4e093faf0b6d2f99299f669cd4c3709f9980efe60c20b19e51cddde500c4af0390a0d6d
SSDEEP

196608:XNQpKtZcrSXs7GljVyFlQlhTuoRIUckZP9aiUcm/6vjIKjLDpuxDJEvKoJIX1Udz:sOZgq5FMi5lLDK5tkrDEBA9Zj2PVi

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://nearycrepso.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  griefinsight.t.me.bin
- Size
  
  36.4MB
- MD5
  
  ccdff4b1fcc7f0bf1fee65fe759c2f63
- SHA1
  
  ab65ccb587e236a4efd13ed53da340cfc5390e5f
- SHA256
  
  bcd89261e8260d0498651bcf52a817cc6221c0c39e96c262d22c5006bff8894a
- SHA512
  
  2105b211bab0fb3778cbc8dcef757c937f65a5a1bb41233be902966ac4e093faf0b6d2f99299f669cd4c3709f9980efe60c20b19e51cddde500c4af0390a0d6d
- SSDEEP
  
  196608:XNQpKtZcrSXs7GljVyFlQlhTuoRIUckZP9aiUcm/6vjIKjLDpuxDJEvKoJIX1Udz:sOZgq5FMi5lLDK5tkrDEBA9Zj2PVi
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Executes dropped EXE

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3