lumma | 1be130eb73f431227a9f44376468d2efdc30394a34ef182326adc5d42b367e0f

Sharing

Copy URL

Twitter E-mail

General

Target

1easyacid.zip
Size

14.8MB
Sample

241230-vq6cwasrgv
MD5

1e64d7e08fdaa70104e0f0103fdc5b7b
SHA1

075e65b3872e5060955e035c743cd8f375fff65d
SHA256

1be130eb73f431227a9f44376468d2efdc30394a34ef182326adc5d42b367e0f
SHA512

7421dd4bc60cbf77d5b9d61c454ffe0a4274c577f2530b3c4e3d4eab1599d365897c2d2196e3cbf8cc2a95dec53946fd4d0a99b65ad8aab379289625db1f6351
SSDEEP

393216:eH2ekU5hOIOGAEvhB5qUyElaIu2SfFJJ9sqkH9y:eWekUhOi5qhX6H9y

Score

10^/10

Malware Config

Extracted

Family

lumma

https://spellshagey.biz/api

Targets

- Target
  
  acid88/bin/1ciaq/libcrypto-3-x64.dll
- Size
  
  4.4MB
- MD5
  
  8dbd2abfc1d8670261930908d3c3dcc6
- SHA1
  
  2b3d4043a373e6e21e3889b96721a2cefb48a5b5
- SHA256
  
  86215b75fcf524a5f7951438f244eacdb27ea9de0c825e5733ed441a61097a96
- SHA512
  
  f66bb58378c8482501aacd1397ef2a6c626f3558344e6418f4c20f29124b1bc40f0245733c983aa20a60c5da812003d6a75c7a3d05cc75cb22d35f99d4ce0c2f
- SSDEEP
  
  98304:HyJPw2A6u8+K5DiSqYdeTngL0y1CPwDvt3uFlDC4gU:HyJPw2l5DiSqYdnL0y1CPwDvt3uFlDCC
Score

1^/10
behavioral1 behavioral2
- Target
  
  acid88/bin/1ciaq/qsvgicon.dll
- Size
  
  50KB
- MD5
  
  3f7066460be7293cd77d14f0beb9d80a
- SHA1
  
  62c7af6cc13dfe05b63e5c2ee5f8aeab953ab688
- SHA256
  
  c74eac4effb6d6e39333e98afde54674b780a82f34e8905bfc67eccb9d7686f5
- SHA512
  
  179619d68fbee0a84cc3b2b525cb385eca5d01021b68c03ac37f8556b7ed698651c808a225d96500b7caf1d51693557d9d74328c9b7545ff8fb9820b4455c88c
- SSDEEP
  
  1536:EZefXU5jI6mbHLEgR14KIBZhBngT2G3vaiX:1rLt147BZhBngH3vaiX
Score

1^/10
behavioral3 behavioral4
- Target
  
  acid88/bin/1ciaq/qtuiotouchplugin.dll
- Size
  
  79KB
- MD5
  
  0aa397c858b146065b33be3417350e35
- SHA1
  
  72e1dc71e629bd7b8aa95f5c6cb623ad20c06ddb
- SHA256
  
  60a6ec2b2fdb4212d059604f209dad9c4593dbb1013bb992fba3ddd39acd0bf9
- SHA512
  
  650fccac95a394a04a5dc3431f0fffc5d167b622a135d6c5aaff87e3cdcf7b09a3b4c6af82aaf4a56e2f5c1d0c60bf88587ba5493382ad5730eeaf0d1cc1d8f6
- SSDEEP
  
  1536:RjHTgy4Hu2ZmnbNVSUG9aQtpPhqiJUjsy:RjHj6XZwSUG9aniKj3
Score

1^/10
behavioral5 behavioral6
- Target
  
  acid88/bin/1ciaq/qwindowsvistastyle.dll
- Size
  
  137KB
- MD5
  
  fda1e042f5c2d981491c1a8759a597cc
- SHA1
  
  9d32989515720a16d486f3a9c78026183fc67d7a
- SHA256
  
  3588331a228f91ff6b84342d11f0d719929a2db58457cc5f2098f019a696ecf1
- SHA512
  
  ee165a704e04561a9a26148e45ba1b8217d1c792d76e9223d3ac2e59be362489bbd4b32da9c68b7e88dc25e436360212b7ae766eb286387b06f8869f51e70d1d
- SSDEEP
  
  3072:Gn+oWGOkt+00vORzuN5G1ZhdKpcShQ31gpw75edKEByw5amcj:c+rs28za6D/qw75edKEByw5a
Score

1^/10
behavioral7 behavioral8
- Target
  
  acid88/bin/Qt5WinExtras.dll
- Size
  
  231KB
- MD5
  
  c9c8f25da24b6084558ef0a031ef5e57
- SHA1
  
  f45a6835fc4f7ea7ac0bfde79ec12d2768a37d7f
- SHA256
  
  c57d9c84411881bf35f54ce28ecbe8a1212f9ac5edb4f10e2cf1f3447faa9551
- SHA512
  
  b7c5b0ca2d3a8be782aeb39d49740de15dc30f3444682b92d16378418f7b1ca73bce97304a1a7b62f47ffc035b527c2bbc6de410b4166522de2a423e4f0f8c73
- SSDEEP
  
  3072:yCV8FbUC+djfYw1JYlGWgn7vLhbNUwthA:y41SGr7vLhbNUwk
Score

1^/10
behavioral10 behavioral9
- Target
  
  acid88/bin/Qt5Xml.dll
- Size
  
  209KB
- MD5
  
  6ba49a44c7b79ad120e665d61aae2650
- SHA1
  
  72d4bd9a776b96c91a72fc57f84391a9de24411f
- SHA256
  
  337e64768180100bc69a545b9788553de0c3516b2fd5b7ed247192fdb81b1c71
- SHA512
  
  c921bbb518b885fc64a2fe686aa88e7731d13f52a7d1f8b483c3fd1e7ead61186e1dd9556518a5758c2865eca7d97eacd06ced9c74d519d6d87875ecbb11b553
- SSDEEP
  
  6144:6X65jjdaCSVKh50mrsXthpBNAhYHvIX3c/xI:W65jBav+JrsXthpDw/
Score

1^/10
behavioral11 behavioral12
- Target
  
  acid88/bin/cjoaq/libcrypto-3-x64.dll
- Size
  
  4.4MB
- MD5
  
  8dbd2abfc1d8670261930908d3c3dcc6
- SHA1
  
  2b3d4043a373e6e21e3889b96721a2cefb48a5b5
- SHA256
  
  86215b75fcf524a5f7951438f244eacdb27ea9de0c825e5733ed441a61097a96
- SHA512
  
  f66bb58378c8482501aacd1397ef2a6c626f3558344e6418f4c20f29124b1bc40f0245733c983aa20a60c5da812003d6a75c7a3d05cc75cb22d35f99d4ce0c2f
- SSDEEP
  
  98304:HyJPw2A6u8+K5DiSqYdeTngL0y1CPwDvt3uFlDC4gU:HyJPw2l5DiSqYdnL0y1CPwDvt3uFlDCC
Score

1^/10
behavioral13 behavioral14
- Target
  
  acid88/bin/cjoaq/qcertonlybackend.dll
- Size
  
  84KB
- MD5
  
  b186f38119483d26109abd1e77825207
- SHA1
  
  057ea2a26a393cdc8f0e672ea14cd3cc5a8cd735
- SHA256
  
  2d8999fccf2385ae48260ab0c9a8c93e4ffc4155c94145db8072853997d68d30
- SHA512
  
  efa7b98ea3dcf28e1e6ad6180ddb023df6dda41846c2f0185f9ee6f2a908004dace50d3af962e3dad1c8a07381456cbb0cf2cfa85dbf408431d7e3dd8887998d
- SSDEEP
  
  1536:dkKfYASInULl06jkzvvAXTm4sASYifVpF9pLb8fSYik2fEZf+c7:dkUD1X6Q3Um4ifVpFDbk2fEZf17
Score

1^/10
behavioral15 behavioral16
- Target
  
  acid88/bin/cjoaq/qopensslbackend.dll
- Size
  
  212KB
- MD5
  
  e2c3215fa890346ffb9ebc98184041c1
- SHA1
  
  d6e9adbe1eeeed5c265fd6ff2ac57bf4ccab7e35
- SHA256
  
  f8434e79e9e7094af7d6e56e37e5223187d4d16c85f4dbd9b7ef5b77e6ab612b
- SHA512
  
  1142dde4268bc82b04c378756bba24b8ca31cef3778959816f6233fb6addc1e1dc663353a2789bc250a213fa61eb2ecc39ff2fe1b46ae8f19588b00c5d5c6eaa
- SSDEEP
  
  3072:ROsK8+1SaZ1TZwPItUsPNgk8b7G/8+y454Y8ZWfeDS0Cvk0KO:dSaeNg0ly4opDSv5
Score

1^/10
behavioral17 behavioral18
- Target
  
  acid88/bin/cjoaq/qschannelbackend.dll
- Size
  
  195KB
- MD5
  
  042b1333a7ff256b9876860e2dbb1253
- SHA1
  
  fb1c3d11200f070554c9d464355b1e67d65cef14
- SHA256
  
  449df85a17e6a4e158c42019fcff3d9df609257fac72d4a0b122b6ed16e0ba2a
- SHA512
  
  0a4040ddbb94fe8750ec7455e4b82ed8b07a6a412892ed1d9c745f3f60416e4037148b7fc96a455c57c34f2934743eb173f080939c6df26e44fb6c90bee85e4c
- SSDEEP
  
  6144:Is4yedfcm7jOb87F82Z3CSy6hyGLWjXD:rJev82gWyGLm
Score

1^/10
behavioral19 behavioral20
- Target
  
  acid88/bin/cjoaq/qtuiotouchplugin.dll
- Size
  
  79KB
- MD5
  
  0aa397c858b146065b33be3417350e35
- SHA1
  
  72e1dc71e629bd7b8aa95f5c6cb623ad20c06ddb
- SHA256
  
  60a6ec2b2fdb4212d059604f209dad9c4593dbb1013bb992fba3ddd39acd0bf9
- SHA512
  
  650fccac95a394a04a5dc3431f0fffc5d167b622a135d6c5aaff87e3cdcf7b09a3b4c6af82aaf4a56e2f5c1d0c60bf88587ba5493382ad5730eeaf0d1cc1d8f6
- SSDEEP
  
  1536:RjHTgy4Hu2ZmnbNVSUG9aQtpPhqiJUjsy:RjHj6XZwSUG9aniKj3
Score

1^/10
behavioral21 behavioral22
- Target
  
  acid88/ez_acid.exe
- Size
  
  630KB
- MD5
  
  8e73d547065d7b0aae9fbed6f0348ae4
- SHA1
  
  9570a2f4d366478a759ba720c99372453c7f4cfd
- SHA256
  
  e8d1422445c61ea9e849ad8d7e15021b095431d72887f50693fdb27066b75ee5
- SHA512
  
  caf8eafe184c258175d2acb6eaefee90a1007dd0a9c0572efb31fb16f331f3dc1af8f62b4a90160103da45a69aa3208dd9d81e2b48ce43214be31c6ea9f1112a
- SSDEEP
  
  12288:AZ+vKqnQB3EoRjkMOsfHCdTlKCXyWZZcGiOJ:Akv6vROsfiuCX1ZcGiOJ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral23 behavioral24
- Target
  
  acid88/source/AvifNative_x64.dll
- Size
  
  6.9MB
- MD5
  
  a532d14c339a39fdae7616066d5425c1
- SHA1
  
  f54052b4b3fd9def2dd4b8aed993ce6ff77b9774
- SHA256
  
  d93b95ea75c2bb6326b9aa72edee3f436bc2755f34cb494e78f7c5509c897228
- SHA512
  
  cecbf12460f1fc84469825db03e9c05d5bb7e68b74a8a93b9e87ad0af2c1f5a45e002cbb214628b7bdab4efd4f204c8829f9a6c92af05bd13cb3ad80bc3fcec2
- SSDEEP
  
  196608:TBpvO8q6LXPmHG37xjvdlCpG/+yoVXv6u3dRyeAxRRCKApbDAUOfL/Nr0ZaWe7Fm:1pm8q6LXPmHG37xjvdlCpG/+yoVXv6ur
Score

1^/10
behavioral25 behavioral26
- Target
  
  acid88/source/MagixOFA_u_x64.dll
- Size
  
  5.3MB
- MD5
  
  2ed3df549a5df0c3c5f202a05ce578c3
- SHA1
  
  bd2a68f8df2846dc72ac9ed2cfcb30fac8f8b42d
- SHA256
  
  96fa8ee487abc4c2f621c0b677b72dfd860d4a801e7f5940bde15d67d675189d
- SHA512
  
  1f5714ec83511879a98715e5838caa64861bd6ab63795db0ef1039d83f712a72bfbee1998d59e90477ba73d90f6a029cd2eeb7732b9a93690958b0a4281de9b0
- SSDEEP
  
  49152:Kk/jn00D31CmCpDjbZuQrIVFRKFPGRUWi/Zo+a8TIkN/uhyQWolWRkCdYyipxeIM:Kk/jn0weluVywxEDSW1o+yy4V2LJ
Score

1^/10
behavioral27 behavioral28
- Target
  
  acid88/source/RvROLClient.dll
- Size
  
  1.4MB
- MD5
  
  1f4369227916423f70da0112077cc180
- SHA1
  
  fb4ae9f45a31346121b138b545bdc05412c6fa5e
- SHA256
  
  5af3ab5bcd4d0edcd3294a2dc816f2669ddd08bbfc565c51ddaf3a276c38c6e9
- SHA512
  
  45bcd06ab4ac0bf86af3377d07cba6110b00ed912b377b2e2f04079bbc0a7d6ecdac511d76bcc33878543b053f294e1c98ebb60a65692ea901b5cc829f735e04
- SSDEEP
  
  24576:TL9Ri81HMqrGJElDUm+RKmbLV+FO4cti9MaoPJob:Tmg6Elef6HctiFoGb
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  acid88/source/RvUESClient.dll
- Size
  
  376KB
- MD5
  
  1cc25786d6c26010f5552d9a3f4db024
- SHA1
  
  c4d07fb9608c2c594efa79dfed75d32d39e8bb2a
- SHA256
  
  042a6c071a8b4d6230ea0b5c292aa2f6ca926e81f7a834c0a8e974d07f5c484f
- SHA512
  
  fd4f18bd9d35ac2a6dea88bfe38b4b4144b40dd67214ebf2c6695b5123d2d10af4420eaf553042cd3983d7f21d15fd216c0b2639c207b53960998b719996a69d
- SSDEEP
  
  6144:8i4lG0Vu57QlaqTOOzmfMgyrNZqciYrjW:8fFQ57QlaqTOOzmYlj
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32