lumma | 68768b0ca66179824ab4d3cd4eeffbf1ced9df1ae09f68efb19f37545cb7e6d7

Sharing

Copy URL

Twitter E-mail

General

Target

68768b0ca66179824ab4d3cd4eeffbf1ced9df1ae09f68efb19f37545cb7e6d7.zip
Size

23.9MB
Sample

241230-f6vtrazkbk
MD5

4934d66aaee0e5d14a6c679e2025053e
SHA1

d819326107ededf1ef44332dda220710e4392a4c
SHA256

68768b0ca66179824ab4d3cd4eeffbf1ced9df1ae09f68efb19f37545cb7e6d7
SHA512

a10ee4cc3b2f9e698d1e76445d37c41dd8cfa8608e37f5b2da0a65fb70601cd13c449f79db0876522f85842a937e718dfb3047301bcfd31eaa310225802876fd
SSDEEP

393216:ejXmAHLdmn9uoQl83uqyChhTmYVokrBfW6MBt3nltREcasx:eKamn0oneYhhTXXrt5+BnvqdS

Score

10^/10

Malware Config

Extracted

Family

lumma

Targets

- Target
  
  1/SoftWare.exe
- Size
  
  783.3MB
- MD5
  
  ea53a50e1ed29a0d42d9570d10f2b500
- SHA1
  
  669d55e3ef794cf838008fdc80cc7e8b548bc48e
- SHA256
  
  b6ac0110ef0f7a33ef168a40127f9ca6f196921d8ae8592da5881d03206c3430
- SHA512
  
  4dfec8c3f8f3bd4de745608dc6a83b9b07126924db9720764e7d148e3dcb55ccfcb3d892320654f0d816d0934f834bd2e9128a887a8d057508d2bbf18cca6136
- SSDEEP
  
  98304:Gt6+1riMDfhyFH+G2ziKnrRJP04mfKlW43spEmMXSHsPTUcYcdcYcdcYcdcYcdcG:8tiIf4FH+G2ztnFJqsspT60sPT2
Score

10^/10

lumma discovery evasion stealer themida trojan
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  1/System.Windows.ni.dll
- Size
  
  4.8MB
- MD5
  
  493928c1f496050032ea3c209646e829
- SHA1
  
  368d718402be8a6070e26e08243d93683b083a92
- SHA256
  
  39f8be0b1dc19ebd6222fd1da1f1ead148a192f9d833e207e350f01a8b643f88
- SHA512
  
  038a14a7de99e9723b9958e18013e1430adc04aa87f86221122596c7281880f1c8934f5ac626a87dc8db0073d393d0fca721e732388b7a5fa705cff6e15d6503
- SSDEEP
  
  98304:Oe9cOjgrEdwMX0r0k0+rVS0/8Ae0oYR0LJ1nFcunaG/GdIucRZ0xG:OccOjO8znJauGKucRZ0xG
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  1/agcore.dll
- Size
  
  6.8MB
- MD5
  
  50ac7eb20a827c51dc4788e422483247
- SHA1
  
  f775cfc98720a3188a3b4c290a6af8661ffdaeb1
- SHA256
  
  5bbe31d4c68de9be7917182a452597e5d6cb0d729d2c0e4143e80cfe8f1ac683
- SHA512
  
  0a08533a345680258797f92497d015d2fe1deeb799570fdec595e2609fd3b77444af3cebf99cacdc12ebfe7d79b58ad23881c94315978a8e965e85d342a2a29a
- SSDEEP
  
  196608:WfuWa4PVo2C7ap2t1Nk8Ybf3a8uStTUupD:Wf/zPVo92p8Nkpbf3hthUupD
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  1/binfmts/Shared/KeyFile/1033/sqlsysclrtypes_keyfile.dll
- Size
  
  13KB
- MD5
  
  166a4eb063fbff4d85b7647b9b3819b0
- SHA1
  
  1738ea07615836656f9d5579e1de65a1a9fa6ca4
- SHA256
  
  c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
- SHA512
  
  d178a00dd133698bc04c9d641c4c77cd6547c05e2fb4b81d9b86db53b12ee49def2496360eee2d8b84c7461adc1db8cc0f1632d6bd8938957fb34880e8df992f
- SSDEEP
  
  192:eezaYKTBCxaMQk3X7rrqYPWhRmWQRFGQKPnEtObMacxc8hjeyveC3cgYBv:euKT4wMdrrxPWhgWQKLXci2jpvqBv
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  1/binfmts/Shared/KeyFile/1049/sqlsysclrtypes_keyfile.dll
- Size
  
  13KB
- MD5
  
  166a4eb063fbff4d85b7647b9b3819b0
- SHA1
  
  1738ea07615836656f9d5579e1de65a1a9fa6ca4
- SHA256
  
  c51a51d4e3734765d1352dbf09511e49a2773b3d6bd9a704ee664fb8e3059e42
- SHA512
  
  d178a00dd133698bc04c9d641c4c77cd6547c05e2fb4b81d9b86db53b12ee49def2496360eee2d8b84c7461adc1db8cc0f1632d6bd8938957fb34880e8df992f
- SSDEEP
  
  192:eezaYKTBCxaMQk3X7rrqYPWhRmWQRFGQKPnEtObMacxc8hjeyveC3cgYBv:euKT4wMdrrxPWhgWQKLXci2jpvqBv
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  1/binfmts/Shared/Linux/bin/centos_x64/nph-keygen_get
- Size
  
  791KB
- MD5
  
  09c5369bd70b4e0ddc05f90cd08c8352
- SHA1
  
  9a1356bc49cfbbb5a871f72be657d82dc6947b3f
- SHA256
  
  43c321312b133a133b3ea44502e9e5216590d38161b2b53e715df38d9419cb56
- SHA512
  
  137ec621ce06ee7b5c8bc85f16316fc613233fab2c0711912cc88689f2325cbafdbe813fe2354e0449c0e33891ae956c0ae7fa7c821a947a1c68f9bf5370f4e0
- SSDEEP
  
  12288:mVQnKfXMvmMqkJAbDB1fMSkNApjNOmL97QWegQY7sotSQ6cs:mffXtMqkJAbESkNApjZLhQW6ot
Score

1^/10
behavioral11
- Target
  
  1/binfmts/Shared/Linux/bin/centos_x64/nph-keygen_post
- Size
  
  791KB
- MD5
  
  48423e75aa4d339e41af9237130a52f3
- SHA1
  
  e764cb90d8c715c83fa57e2a17c08e75ca5b885d
- SHA256
  
  124249d176b6b6f6f5427d00f15cb9d6a519a27961ca7dcf3aae8a8033c3e695
- SHA512
  
  48604604ff07617791d90212028b5cf38e938d129be8ba107ab5b179756641c1954332350a825950daaae5195521a8e521a268c8a4c33d2e1b4db4a813297127
- SSDEEP
  
  12288:9CQGyfXMvmMqkJAbDB1fMSkNApjNOmL97QWegQQ78otSQ6cs:91fXtMqkJAbESkNApjZLhQWCot
Score

1^/10
behavioral12
- Target
  
  1/binfmts/Shared/Linux/bin/centos_x86/nph-keygen_get
- Size
  
  857KB
- MD5
  
  a7235d625bb05ea26bb3f153d6159c00
- SHA1
  
  eec378c6207d77e32582f52d5910e535f6b30830
- SHA256
  
  2011c66859da541c89475681a9758f8a65c5c3ee94e56e6f596b4bbbbe860689
- SHA512
  
  45d517387c930fe7ee62a4759198339309409408402ca1cb84e268f629168496c58de6248c78d8154806c9012a7e365bfbb4bebd126fa122a18aa78fe813ccb1
- SSDEEP
  
  24576:CfA1t66FX75/MP3mq5YZv59bI7a6oclLLu:CI1t66FX75/MP3m8UT0+6ocF
Score

1^/10
behavioral13
- Target
  
  1/binfmts/Shared/Linux/bin/centos_x86/nph-keygen_post
- Size
  
  857KB
- MD5
  
  e810e3f26c58fb5cd2af60279ffc91c4
- SHA1
  
  48dfa65bc9b75020f0331f96f028e0ea36b59edc
- SHA256
  
  30a86b7a01fbf4c8852b379f87fac403cfaa146d5c1f98ac096e2aa1acaeb50f
- SHA512
  
  8d04fb9194ec1bf8dd5d97e17d20ec3a3436c7ddaf681505a1d43b668bbc4557f99b83dc87fdf48059f6bae168a32f2f7bd06e6be9d5ea8d807a135406f3e953
- SSDEEP
  
  24576:Zbc1t66FX75/MP3mq5YZv59bI7a6oclHLu:Zg1t66FX75/MP3m8UT0+6ocZ
Score

1^/10
behavioral14
- Target
  
  1/binfmts/Shared/Linux/bin/debian_x64/nph-keygen_get
- Size
  
  783KB
- MD5
  
  75975d83bbcb491b34d5d16810a89caf
- SHA1
  
  3373527579d56eada1d366baac15ef93516ce505
- SHA256
  
  72f7aa52fcdff3a24230d470e2560b0de5775fcb64e49889735ec01e211e233c
- SHA512
  
  13933744f56dcdb5b15400155b897eed567648be46c2123a7c84e15b52697d20b33eff505c060dc279f22c1335db28e95b1b06886dac822c7225e2957729e06d
- SSDEEP
  
  12288:T9Np5Oxxgokqq+kyKJmemHe+XMylsDnSTJKzs0oc/7m:T3sxgo1NdKJJmHe+hlsAKzs0oc
Score

1^/10
behavioral15
- Target
  
  1/binfmts/Shared/Linux/bin/debian_x64/nph-keygen_post
- Size
  
  783KB
- MD5
  
  9b250dde9fb2f22a4514aa340be53cc6
- SHA1
  
  8952eeb151f933365a64e101e388f4d665a0f3ec
- SHA256
  
  4ac4e9ede458044bfd002fc75bb92c93a9a77a708f3c65b593b752ae66d05bc5
- SHA512
  
  338d41fe6a12a7c357c15ba0e888a3905d9af6099dab4c6efd97c117c3ae3d94f400d2dd7b40e9f634f949cac8715718671c9dc30e7aa79fb99bda94ca78942c
- SSDEEP
  
  12288:W9NQ5Oxxgokqq+kyKJmemHe+XMylsDnSTeKzs0oc/7k:Wasxgo1NdKJJmHe+hls/Kzs0oc
Score

1^/10
behavioral16
- Target
  
  1/binfmts/Shared/Linux/bin/debian_x86/nph-keygen_get
- Size
  
  1.2MB
- MD5
  
  a2ccf94149bac45728360bdc5b22fbcc
- SHA1
  
  9fe91a9fe3b1eba6ac27ca0342f2b268e233cae5
- SHA256
  
  eeb98260ec79a4a7ce2ac5dbe94c8a970c391743d0e85932909acbf9556f536c
- SHA512
  
  ae293f70d6b67403560a33fcc86c7697b62934ae6c77baf63d4487a7fcca21fc4d89cbbe248c8c129384d901bdbc28ce2c2c7202436c53bf4a1147228de61ca0
- SSDEEP
  
  24576:Lm8dVXpyxJM5sFLusU/e+tQXbSUbSwxcftAektTqu8FHwY8bYPv:Lm6VM9Lu2qty8FHwY8bYP
Score

1^/10
behavioral17
- Target
  
  1/binfmts/Shared/Linux/bin/debian_x86/nph-keygen_post
- Size
  
  1.2MB
- MD5
  
  40e19b0e7969e64a37dd51046f8cf9c4
- SHA1
  
  d3d23fe4c49a423f10f448fc1aaf0818b1f41277
- SHA256
  
  60c53bb1a59e31720cfa5a9569b77d0e53039fbe10d4c35b6aac8a98e479b48f
- SHA512
  
  8716d7a8479d029949ef03f2b62c33adf52429d8e751345094e7bc6579a780fa18682c071465a241254a63ef56a4302c52550e94370611d6d726f03344b1a3d8
- SSDEEP
  
  24576:3V8dVXpyxJM5sFLusU/e+tQXbSUbSwxcftAektTqu8FHwY8bYPv:3V6VM9Lu2qty8FHwY8bYP
Score

1^/10
behavioral18
- Target
  
  1/binfmts/Shared/Linux/keygen_short_test.html
- Size
  
  820B
- MD5
  
  0fd586bd54aec120d9b7966e1b646c37
- SHA1
  
  d466c135e526a967210440f18b41228aade87a1e
- SHA256
  
  08451e1f3cb00edd9b49cd0e41eab9c957be3b5839686bb40a8d15f5e252ea28
- SHA512
  
  a70f5321eb0c0eb26926d6b270e0ac43bf16b2c121df6cb4591a3a3af795dc63361b8b7af85690fb54115202b308ceb67731dcb089616062b427f810b46db927
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  1/binfmts/Shared/Linux/php/obsidium_keygen.inc.php
- Size
  
  19KB
- MD5
  
  9935116bc38e3c986c46b38cb21e8436
- SHA1
  
  6a4fe12a92ad37907c2b2b433c739f1cad7e76a0
- SHA256
  
  ac637dbf7fb9cf628b66e5dd3f31ecd641bf21f0e8d878e360c84a19a2040478
- SHA512
  
  5c3fffbf84f18e1a7b1bd5ba52bcae3396fd01047f600087b710c80b8dbb5d1b968216777e807768432cd2d9523bc4d1eafc26db5594ee43194008052f8a6fcf
- SSDEEP
  
  192:V74XDpiFBVCjLJwICqFJjLfH++FtMQP3o+F8PWe:4pyCbjLTY
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  1/binfmts/Shared/SDK/Assemblies/Microsoft.SqlServer.Types.dll
- Size
  
  303KB
- MD5
  
  e3f6937bbc9f71fe87a931adfb92cecf
- SHA1
  
  91d3f257a6bbfbf8c50843011db6ce6535d998bf
- SHA256
  
  e272e45652092622db856dca4e840389be109abcaefd1f376b0043b450a801f5
- SHA512
  
  0d535416d4e3c485a4d133a23270c31d4e0e9f6e59a53c34fbaf0475dce0dc1004d329d3d7d58bb5c6a8f2b4b189932fdb90ce1294aa1d5ffb9c285711882210
- SSDEEP
  
  3072:X9ZHG6aeJrHhGKyoE8GoPxjdBiFaAGWjvGiPP2EpPZHqjm1Dkkr0v9o3:X9NbaeJrHhGKyoE86/KZ8
Score

1^/10
behavioral23 behavioral24
- Target
  
  1/binfmts/Shared/SDK/Assemblies/ru/Microsoft.SqlServer.Types.Resources.dll
- Size
  
  41KB
- MD5
  
  92ba39e66c3d5894a23b110da092bbc0
- SHA1
  
  3c25e7140e6a59bf4af205c7ccaf7fe5907326e4
- SHA256
  
  69841056dc8d96096196fb08c79cf7d3b9d4659b5e7e64d13e47fc3c403e3f3f
- SHA512
  
  7055ada1eeeb954e5770fce83469ecddd2c9bc2aaae05887ea899042ad22b2513550de20242f5af25cd2338093e085a2d2da4682363a37834b83c01294348177
- SSDEEP
  
  384:9iua0XKriuQVqDvOo/dHoqWZLXci2jpvMUqR:9ium7QQDvPahMi2jpvGR
Score

1^/10
behavioral25 behavioral26
- Target
  
  1/binfmts/Shared/xe.dll
- Size
  
  616KB
- MD5
  
  9abbdab424f66a7f4c395fd8759cef0e
- SHA1
  
  d08a1fe1ab2eb09827f26fe493994e8f064c74c8
- SHA256
  
  f724575de0ea9ec3cc15a1f10d6a936ef2ec6dd3790d0d1c39dfc1f9d31aece4
- SHA512
  
  2583f01afd894330c1e98a57327df14605b19c4baa06beba9f42bb63a0831f669bf495fc91c16041cd882169434a568b09fffa2d5f56edbd2b36fbb6a8ae5ef8
- SSDEEP
  
  6144:atkUO5IjISRbo5x88oTPVXU+u/o6XPLFlDxzqKoAMl2FrbyOHgNf1UfD2t2BgCcJ:ukU3IBC823SLMkFrzgx1Uyt2mL0eUW
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  1/binfmts/frame/LocalDB/Binn/Resources/SqlUserInstance.rll
- Size
  
  20KB
- MD5
  
  34a0d74588db4242b3166bcfe1c2cdd6
- SHA1
  
  19630f066153012c3f2c79cd02ea6dd08b5f512e
- SHA256
  
  89521c05d50625512ef53b3c11cded25cdee1d7dc63ff539c2ba8a58a6361e13
- SHA512
  
  883ea9084dbd82be0320f44a600393899877190535498d39d6be6095abd59caf6058a993876ece2449eae2814bfa5e0245c6fe0680f4e6c2b61bde6bfedc5638
- SSDEEP
  
  192:zvGPWFxxWOBWULwu0Sc2HnhWgN7ayvWYjKI+XqnajlFQuY:zvGPWFxxWO7D/HRN7/+ImlQuY
Score

1^/10
behavioral29 behavioral30
- Target
  
  1/binfmts/frame/LocalDB/Binn/Resources/de-DE/SqlUserInstance.rll.mui
- Size
  
  22KB
- MD5
  
  b30fefc695f4444a893d567727b7520d
- SHA1
  
  7c30c0664a6d7bdf5b74d6db49880b0412902a33
- SHA256
  
  5c078a9b5ef063d10f5059a37d0dea80d44a5297cd273e779f8b0a53fdfb8cb7
- SHA512
  
  9e38cecf8b7866fda83a7c58982d8abf418cb67fd909e765727ea3e510713894a57426ce24de2c08e02dbee0b5736ef1623414704aa8952b04002ccde97ea338
- SSDEEP
  
  384:NXe7Jj8tgZO3l3tBNADygiKWwmhGWbD/HRN7uDR1lT2X:NLHBNcRuzDvu1qX
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32