General
Target: f594e0bbd220acd5f8c940230e4baca60f7c65f15b4ddfd3b299e11c42328331N.exe
Size: 19KB
Sample: 241231-2z5w2awpbq
MD5: 1be9cf4f2be90c6194f7e536fc1b5d70
SHA1: bd82cd7a76d32eb2841cb6539f13ccff53001ecd
SHA256: f594e0bbd220acd5f8c940230e4baca60f7c65f15b4ddfd3b299e11c42328331
SHA512: 92fb70c7af37d2c1df32babbaa4fb397c7d009b4747de0d635cea375fc3a827b77845d8805722032e3f53332ba75733e715dcd94c499f87555d4b14ed06153d2
SSDEEP: 384:ZRwzDLmCMw4mbE9EnLULXIQERC7UB4knNSVrmh:ASCbbZwERC7UB4knNSpK
Static task: static1
Behavioral task: behavioral1
Sample: f594e0bbd220acd5f8c940230e4baca60f7c65f15b4ddfd3b299e11c42328331N.exe
Resource: win7-20240903-en
Malware Config
Extracted: lumma
Targets
Target: f594e0bbd220acd5f8c940230e4baca60f7c65f15b4ddfd3b299e11c42328331N.exe
- Lumma family
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings. Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger