lumma | 3029897064932db75991ca59f1530ab5d4380cfc91338376dc0e95272440de70 | Triage

Sharing

General

Target

3029897064932db75991ca59f1530ab5d4380cfc91338376dc0e95272440de70.zip
Size

3.5MB
Sample

241230-gh9tfazng1
MD5

b42eb112bb9fc3589c815228e80d8a2e
SHA1

23a8a8f44652e710f7e9d85e8c35273f271288bc
SHA256

3029897064932db75991ca59f1530ab5d4380cfc91338376dc0e95272440de70
SHA512

7b94e8978f2167501cdb895b3b22b189a072376b69d871e47e7d5d761b8b1fcc70a3617196a177874d4cef89bf0410204905d49c715ae00457d32611eb9c86b3
SSDEEP

98304:Wyt8NkU6RL4ApoToJA1jDSl/2Qnp57itZGruwD15:WAaf6R8H1jD6/2Gitalb

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Family

lumma

Targets

- Target
  
  !Premium--SatUp/Data/Config/test_vendor.txt
- Size
  
  1000B
- MD5
  
  80aec646e662ecdb8f7677b93f39aab7
- SHA1
  
  5fd0591618895472bbfa350c9ea59356c93d8346
- SHA256
  
  5912f1ba252bac927720d0342e63b16a7e273b63e097bb3d1c8e68f9b0703742
- SHA512
  
  19e5d35c78cdfb64ca5caaeda5cd3b46dec21aa77c85d421959fa771614e5265602277c85b7557e58cae04d166feab5a9c5cb6c70c512a29852eb7b1a68fa078
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  !Premium--SatUp/Data/DOMCharacterData_data_error_002.phpt
- Size
  
  383B
- MD5
  
  1bce0f644543bdda362af19acb0c75cb
- SHA1
  
  f5b834eb722ee6d65acc894ff0e4d25d2d95380e
- SHA256
  
  29d3e67c522205b50518a8df035cbc669203a0fa6d093084ddcd9f028c966d41
- SHA512
  
  6c35dc8d450d4062fd1da1417a97ddfdbcee10a35748a65259c78978146205d3a80f4e773b95dc70d6e86a36ac32f41fedc9b7e8f72a6fc048437ebba1e7c93f
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  !Premium--SatUp/Data/Microsoft.Azure.ActiveDirectory.GraphClient.dll
- Size
  
  545KB
- MD5
  
  21e96d7a25f8725d8e08c0966aeaf5f3
- SHA1
  
  537f9b5176cf3dfc11c1b3dd7fcc2a9074e6c8e9
- SHA256
  
  4cd12bc688746afe7abba4f76aba706802032d0e5b04457afa0569d524b50ea8
- SHA512
  
  0b4e24a192d01a6be6a296e41048344bb0d7f1cd23fc93ef05862f093253aef619623b52b2d0cc128fa6021ac5c2623e7d6aedc0f83568160478f65adb04d1c9
- SSDEEP
  
  6144:QcJrEPv825N81G+gHUerEls+AiIWHQoQ5tgYbfAski8xfAskzAxTaj:o8M+herGsrUwtN9j
Score

1^/10
behavioral5 behavioral6
- Target
  
  !Premium--SatUp/Data/add_007.phpt
- Size
  
  445B
- MD5
  
  7b7bd886db62b3ca4d25e7df4639f1a5
- SHA1
  
  e842536bd398b22df29b527ac6ba613fefe170d0
- SHA256
  
  0fd0f08e8d608bb3c46c3d242e5758bea99ea0c8eb7c19c87ea598a0475d6e29
- SHA512
  
  1215f5560e8347361bd1f242d7b45538703c2e577b5ab7d88f81c766dd9b5d2e3359c7e9f1722e046ab233b8ef1c0a723b94942cef6aa88f24cc01f07e02bc79
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  !Premium--SatUp/Data/dom_test.inc
- Size
  
  1KB
- MD5
  
  0a79fb2493d43b639ca1cb215aea65cc
- SHA1
  
  41859d9b67dec66e0e7f3079b783cfe7f60b50b3
- SHA256
  
  5cbf33ba9058e6a4b6c313bd0a806863c21a4d5c41559875c3581d2c6654afb1
- SHA512
  
  7d8f6d1a7230490112082aaef7cc397ba4aaf9662d9019f5133e7a3b0aab4c24fb4d33c8673a20c50635c94ca8c1c48e181502716379efceff042006506af444
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  !Premium--SatUp/Data/msenvico.dll
- Size
  
  683KB
- MD5
  
  c346dca20fb65853c5d5e0026390091a
- SHA1
  
  cc985c0edfd450a0c0b85f0521de46eb61b21adb
- SHA256
  
  c2a84abdf647e4a3f1671b33806f0283257627fe91c717bcd0eac14cced0b00d
- SHA512
  
  778cccab5f0ba187f77bec54ac1ca43b2930aba1a387e98b142671a30419b40400f1eadaa280a6bc899c50f64027db661a9e2bb43fee1006125b242cfcb4408a
- SSDEEP
  
  3072:2Zx55LPHCaJp9mrGAj3w9QsdkQQMKZonA8YaQhNosoMeuiVehE:qZPHCa79/CA9QMQMKZj8LQhNosoxuiIE
Score

1^/10
behavioral11 behavioral12
- Target
  
  !Premium--SatUp/Data/serialization_objects_009.phpt
- Size
  
  540B
- MD5
  
  c208830c831716b0055bfd8868f1bda8
- SHA1
  
  437bce21269d3fb05ca3032867488805e629d4d8
- SHA256
  
  ff9aadf0e165b1b9d26e9f8bb7a997ddfd537d22c0063f0fe3a19a2a912f7388
- SHA512
  
  4420fce04ccc67edf68117fcd330e01965069707caedb58cbe46beed85ff293dfaf34ebe6b922995b8d5fc04049f13c0770b931e7e4d60a5153bb941b16e1300
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  !Premium--SatUp/Data/skipLazyInitialization_default.phpt
- Size
  
  1KB
- MD5
  
  bd6a0dac960294892a7c243a083284a1
- SHA1
  
  4d643759d8cebda7ef1e5dfd766e293cb80b100f
- SHA256
  
  d081c0a6278ac634ec48ff2f0b89dca85df0201b4d514746d75017a4670485cd
- SHA512
  
  2fa3feb5d3d0da64a94f25e23d34dade2659dbe49158691102828bcdac1472db8e75a2f3b4736c056d5523b54de22a815cf8276694a6a57d0646eae66177830b
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  !Premium--SatUp/MigrationService/System.Web.Extensions.Design.VisualStudio.15.0.dll
- Size
  
  187KB
- MD5
  
  8ba1e3c39fcd5f405dc1fbd904624e51
- SHA1
  
  36235632687a9f0145f8851531ed6ebd4ca8537c
- SHA256
  
  83a95d3b6444551b7bd2547ca6e5f6a5bc488e3b36087541211637201fd2b92c
- SHA512
  
  db71b76256141ec90796261ef1f4e1417adedf22f9bf1dd314243d80bbe0d0585e0a66bcea6110d94a0bac1d09138b54236e123cb02e33f6752ca8a4e296d15a
- SSDEEP
  
  768:ib7fhJUlFWUEUlyyffhlj8G3nkrtBVbh5WmgO8wQkkZ/Bl8STJsFqTEjZIdxv70t:0FQEUlxlj18VkSE8W281L7OizU
Score

1^/10
behavioral17 behavioral18
- Target
  
  !Premium--SatUp/MigrationService/dvatemporalxmp.dll
- Size
  
  569KB
- MD5
  
  6264581b447eee4ea451521f2ea40184
- SHA1
  
  257d8ba2fe669c40dc9c0a6e10bd74b29b4bf7ae
- SHA256
  
  a0bd236d74d13a8b878d28a78340f552b69f178a133c424391d3cf5054ebb865
- SHA512
  
  a3f765df96e9393165c89527593407f0dfa0d7a500c7b08452d2f68b3979931d61424a09bc518826a3aac04ed50ab7456ef911d2d75029a2516e880199d2bdf1
- SSDEEP
  
  6144:kvOKVHnsSxWPo7Zb2d1bTbFv5SOGHD30OZkkMO/so4m:9KVHFRUfSpj9
Score

1^/10
behavioral19 behavioral20
- Target
  
  !Premium--SatUp/MigrationService/helper/bin/wintoast.exe
- Size
  
  348KB
- MD5
  
  b412b24330409e5917080d3aa961789c
- SHA1
  
  78b29c6322f7233020d17b2e65906fb476bb068d
- SHA256
  
  18ff47cd790b9079dac609b1bc69b139bc28963a7ea67d4668eb4ffed18f1d78
- SHA512
  
  ba52febae8544b9d68f3a1e6dd8ce7346b85eab749e68d75b68c35742ab3095eb64d2cb66ff387b7478ad305ed776f82e1a4d818a7b3b6546361566757f70b39
- SSDEEP
  
  6144:LnbM/cNNCM73sOMHjTMVq2dkNBlQhEtqGaNnCohoE+rsrw:9N9kjkq2yZntq5NnCo8oE
Score

1^/10
behavioral21 behavioral22
- Target
  
  !Premium--SatUp/Rapid/mysqli_poll_reference.phpt
- Size
  
  6KB
- MD5
  
  5c3eea468e40d772d36669a3fd369c8d
- SHA1
  
  8faa14a16b17bac31a717835c620c57996cb89e8
- SHA256
  
  0e8be1a03e075581b989fa984a7ec0cd1e40f0824bb1cf19ae792eb6e2305cd7
- SHA512
  
  a403e29ba79ffe7a061107a20118ae787bda92a53c7cecba7631e51b420751bf693202e88e2bf2c619af3762e896a9f60909bc1de55f6bd3cbdcc61e16d71a43
- SSDEEP
  
  192:bvMsdqBiQePgqB1Q38PgqBQQT8PsdLDPn1FPsNygqhOlC8P4:bvHdqBnqBUqBdd32qhb
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  !Premium--SatUp/Rapid/sort_variation3.phpt
- Size
  
  4KB
- MD5
  
  d5354d13001d4f86881248ddc952da6e
- SHA1
  
  a8aa74c0b727d0b7aed7cf9b5ae9a96636b3f2be
- SHA256
  
  6d116bc991be2e5618c6efab8f47b5b83952442f8d2cd0a5dbc5db6a91fdebe8
- SHA512
  
  9fc45066e50fb69a49aa4dcd6a7a98ed7a5186eb628fd219494059f98fba7eb084b8a821fe5178c010685e028290d0cd6c3852ae7ed12d7d70de8eb7ce055a9a
- SSDEEP
  
  48:M2/+Cs0v8954hj05JcGt0XBqWtWKcBFPfhAv7FPfhAviFPfhc/6vP6v+kPzv0Pzs:MBN0hj0axgPapaUm/6P6+aTKTzHZ1ZK9
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  !Premium--SatUp/Setup.exe
- Size
  
  674.3MB
- MD5
  
  6d5c2f525fdc22854a5451e3028410c4
- SHA1
  
  6a553f57d203ff56e77e644662ef73f4fd5f2b00
- SHA256
  
  1d42b43bd0853e1894ff66dd8d711a3f36c2392c78645c7835d3bcf5577789a0
- SHA512
  
  6de2dbb5fe0c277554ade21a767fd0bbb02c9b7b0b5d57bb9be78b318d095af46d8ce3036b2ac7b914e9bf4609a8325dc69d1bdd0e90c6b1693e35bd4a9f6a79
- SSDEEP
  
  98304:DqGyqdRoISzqmRZ6AcrKbCf+gPDtOlsWRAe8ecFmIDlpyKTpgzVb5ov9:ucOmq+mE85sM6lVTezVKv9
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
behavioral27 behavioral28
- Target
  
  !Premium--SatUp/WJSLib.dll
- Size
  
  124KB
- MD5
  
  4b3d0e79ce7f8615879662cf20128f8c
- SHA1
  
  90dea4a943df881ac1cdb69b1d3d496cb2276ae7
- SHA256
  
  3634ffd4c7f43b7cc97a8f206eb43accadf020750c8a82e1609d9a02c47328cd
- SHA512
  
  4fa8e0f6b7e789c7fead6dc738030b405ee6d01b7df815b68305a1e8bd527348b705b7ccc7bdbde5b19bba3998ea8b92b2bd372735da122fd2b5092ab79abbe4
- SSDEEP
  
  3072:KRkoeTuAr+Gbqr2bTvcQtU3qIllQfPanS0Cr0aT:KRzeTuI+G2Cf1U3qGganS0U0i
Score

3^/10

discovery
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

lummadiscoverystealer

behavioral28

lummadiscoverystealer

behavioral29

behavioral30