lumma | e218b230e70d84ca9246961436261d6435095b2c3e0df1544e5de0ecd6bd4094 | Triage

Sharing

General

Target

setup.msi
Size

57.9MB
Sample

241230-vreasazrhl
MD5

0a208aa5e80a1e3a42fa60331f14907b
SHA1

418259c831d919bf0bc9f5a46eaa6b803ab1b3bf
SHA256

e218b230e70d84ca9246961436261d6435095b2c3e0df1544e5de0ecd6bd4094
SHA512

5bbad3bbe549032505fd82462bd279e6f7a5ba963eb0e6234a9150c76d3ea543faec9995dac5a42b320d1f0bf2b2fa95e11b5dfd366a9dad6248b99e87c93a06
SSDEEP

1572864:BrQVmrjV7eIvnOTZscak5wE7nTZh8MoF:9TRc7XzVC5

Score

10^/10

lumma discovery execution persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  setup.msi
- Size
  
  57.9MB
- MD5
  
  0a208aa5e80a1e3a42fa60331f14907b
- SHA1
  
  418259c831d919bf0bc9f5a46eaa6b803ab1b3bf
- SHA256
  
  e218b230e70d84ca9246961436261d6435095b2c3e0df1544e5de0ecd6bd4094
- SHA512
  
  5bbad3bbe549032505fd82462bd279e6f7a5ba963eb0e6234a9150c76d3ea543faec9995dac5a42b320d1f0bf2b2fa95e11b5dfd366a9dad6248b99e87c93a06
- SSDEEP
  
  1572864:BrQVmrjV7eIvnOTZscak5wE7nTZh8MoF:9TRc7XzVC5
Score

10^/10

discovery execution persistence privilege_escalation lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistenceprivilege_escalation

behavioral2

lummadiscoveryexecutionpersistenceprivilege_escalationstealer