lumma | cead1fad9fa0ac918eb11991ca27fb7ba11c1546d05fc0c9f85cdd9603229eb2

General

Target

Xeno.exe
Size

720KB
Sample

241231-ajmxqsvqgm
MD5

dea32ffbc87664069813695a8d3d1b64
SHA1

6593096f605fe052367f47bcb475b39b96a6467d
SHA256

cead1fad9fa0ac918eb11991ca27fb7ba11c1546d05fc0c9f85cdd9603229eb2
SHA512

3318a145614124ea22fc8964ea7e70228d31bed024313a1a5e0b2dc3c607398b11445428e2d87abfa15b18f1de3313319b22be26dda18331ab5d1951496bf7b1
SSDEEP

12288:p7uCt1wYZ2rhSB20AJw2uNuS3LHb4hhHK+Bx+B8NdZJWIjeFFQC5Qla7agUkzRvQ:pqU1fUhSsEbMG6dK+BxC8N7wISFFf

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

C2

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Xeno.exe
- Size
  
  720KB
- MD5
  
  dea32ffbc87664069813695a8d3d1b64
- SHA1
  
  6593096f605fe052367f47bcb475b39b96a6467d
- SHA256
  
  cead1fad9fa0ac918eb11991ca27fb7ba11c1546d05fc0c9f85cdd9603229eb2
- SHA512
  
  3318a145614124ea22fc8964ea7e70228d31bed024313a1a5e0b2dc3c607398b11445428e2d87abfa15b18f1de3313319b22be26dda18331ab5d1951496bf7b1
- SSDEEP
  
  12288:p7uCt1wYZ2rhSB20AJw2uNuS3LHb4hhHK+Bx+B8NdZJWIjeFFQC5Qla7agUkzRvQ:pqU1fUhSsEbMG6dK+BxC8N7wISFFf
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2