lumma | 263584295040367fc241c79e8aaf137cbe359f3ca69ffc81b8d425a0051ca929 | Triage

Sharing

General

Target

263584295040367fc241c79e8aaf137cbe359f3ca69ffc81b8d425a0051ca929.zip
Size

3.8MB
Sample

241230-f7dxmazlax
MD5

0e5e5c348bce4201415ba2c2f76c1328
SHA1

5518b6ac82b651d51fc692ef684678cf7133dd0a
SHA256

263584295040367fc241c79e8aaf137cbe359f3ca69ffc81b8d425a0051ca929
SHA512

3afde1b51a9e8399491e0c86363000c105a0128379329743c98bc628daed769c9bb04e4ff163eb5e8466561f6b7e80015b6b0ed47c269ee15c971bc2f026da10
SSDEEP

24576:RwkRmFyWxBLBhNgmgJEMd9bFVp2jaT7WIIo6Ayj:RwkRxWx5BhNgVHddcj8Eo6Ak

Score

10^/10

lumma discovery spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://servicedny.site/api

https://authorisev.site/api

https://faulteyotk.site/api

https://dilemmadu.site/api

https://contemteny.site/api

https://goalyfeastz.site/api

https://opposezmny.site/api

https://seallysl.site/api

https://currenycon.cyou/api

Extracted

Family

lumma

C2

https://currenycon.cyou/api

Targets

- Target
  
  [PrivateSociety] Abby Shes In The Big Cock Zone 24.11.03 1080p x265.scr
- Size
  
  857.0MB
- MD5
  
  a6bbef6bc2c3ae695c19d5c1c06d365a
- SHA1
  
  f40f318a2f0a61679016ffdd703cbbbbe6bdaf11
- SHA256
  
  84213ac9a2762fcc2d78880b71ccd740ca577bce2ff11f19806153e1b20af72b
- SHA512
  
  7a3b98cc10a281ab8a2f3021cbeb9527ca2c4a76e31718a135686f642c67bc1f057b834757a03f82568cda9e18c80500b481b7b9a26ebbe3a225ee42bcdad0e8
- SSDEEP
  
  24576:05UxmDaWlrvnvNg6oJ4cT9rFVz27KTZWOgosUf:vDWlbnvNgvhTpq74YosUf
Score

10^/10

lumma discovery spyware stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryspywarestealer

behavioral2

lummadiscoveryspywarestealer