lumma | 760176960fa37e1e598f483948a381c95eb6ea2355430793dda10bd101b15fc9 | Triage

Sharing

General

Target

760176960fa37e1e598f483948a381c95eb6ea2355430793dda10bd101b15fc9.zip
Size

4.6MB
Sample

241231-c6n5essrdt
MD5

d76051719b5e2c1732aef03d9e437d94
SHA1

74f8f2c9852c27ee18096e5fad9f290540a40ea8
SHA256

760176960fa37e1e598f483948a381c95eb6ea2355430793dda10bd101b15fc9
SHA512

5ac9c70ee6e9d7d18ab3f96c988ae0345fe787af700b6d32ded6b797cf93013c82368e3d18db1195d6fc27cb415143d920611894ee9977d8bb1a51bbbcb8e676
SSDEEP

49152:jEYs2PFfxv712xsL+Ztv2Hx2A0BUZwxAUFLtFoiFzlJm+/fToc0qUptpt0:jM8FfxR2xsLBXpKxX7ZDLTbVUpZ0

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

Targets

- Target
  
  Exlan_setup_v3.1.2.exe
- Size
  
  671.8MB
- MD5
  
  0a3b8862e11a77eefc443c202ecc8336
- SHA1
  
  a388e011c3aa07a45f269a2ebf5b9e1fab235ef4
- SHA256
  
  fe5117d476a540ae72ba713ae4781c2cb9ffa12503b34a527ad3ca7853de4929
- SHA512
  
  2b1aa70e48ca5528d2b8f4583ab9a2f7f203028693bbc768442804808860e3be6adaaf77a442bf2d51b5e4f2bfbe41daf16a93a206a7cc7e8b660091e1fa03f3
- SSDEEP
  
  49152:4NuYWEYKkHFfTvBJEvUf2vtY7uRfbQswUZcSByYGv5uuv/DYi35PB+MTRx2VT4Gt:4NhWqQFfTjEvUfH7ul5ApZdel
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer