lumma | 35bfacbefd16ff1a1b942c068a3509ab21b08b830b30ebf659fe83a6d6c8817c

General

Target

35bfacbefd16ff1a1b942c068a3509ab21b08b830b30ebf659fe83a6d6c8817c.exe
Size

6.8MB
Sample

241231-cwlasayrdn
MD5

af8f4b24943a56c36283c58af92a66d2
SHA1

97d2342d59a890a5c1645efeb275e3ad4f061f78
SHA256

35bfacbefd16ff1a1b942c068a3509ab21b08b830b30ebf659fe83a6d6c8817c
SHA512

a48e5f7dd95e74dfa85c4d2672f32c55160e659666a6370afb0d05dfb51a899459c127a8e53af1736cc230c0fdc2b48d2c04ce0a8c53e922c0c749972aa07c2a
SSDEEP

98304:hzjqYyXE93kfPo9/f0VO/ATX49tpaw0evffz9Ura1pUN5GrqDfTndUbf+W7:J0XECf2sVJInrfz8a1ItDfTdUbf+W7

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  35bfacbefd16ff1a1b942c068a3509ab21b08b830b30ebf659fe83a6d6c8817c.exe
- Size
  
  6.8MB
- MD5
  
  af8f4b24943a56c36283c58af92a66d2
- SHA1
  
  97d2342d59a890a5c1645efeb275e3ad4f061f78
- SHA256
  
  35bfacbefd16ff1a1b942c068a3509ab21b08b830b30ebf659fe83a6d6c8817c
- SHA512
  
  a48e5f7dd95e74dfa85c4d2672f32c55160e659666a6370afb0d05dfb51a899459c127a8e53af1736cc230c0fdc2b48d2c04ce0a8c53e922c0c749972aa07c2a
- SSDEEP
  
  98304:hzjqYyXE93kfPo9/f0VO/ATX49tpaw0evffz9Ura1pUN5GrqDfTndUbf+W7:J0XECf2sVJInrfz8a1ItDfTdUbf+W7
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2