lumma | f2adab813a01b48a83bfeb8e14f2eb3894bbabc1e9274ed73d85bf01636fceba

Sharing

Copy URL

Twitter E-mail

General

Target

TieLoader.zip
Size

2.0MB
Sample

241231-l3cfwsvpgw
MD5

dd4b3603575cf0ae24745621b5fa3677
SHA1

a150c034af02a5a9e741448a7a28eb29a662a722
SHA256

f2adab813a01b48a83bfeb8e14f2eb3894bbabc1e9274ed73d85bf01636fceba
SHA512

fd27aac110a9d151677b32101dc3885162ef01e6071c066a95d4c327da69c298e65cd7f6d121d8e0e8422956dacdd8c03b09e23fd0f7eea190e3b6bb2b20b804
SSDEEP

49152:SxL5CIk2G6xTTavBuRoeYEAkCNnq7yCNa1Wlfi:SxUju+vGYjAHUEY

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Bs64.dll
- Size
  
  113KB
- MD5
  
  432af171414aab882ffcf7befdb29301
- SHA1
  
  8b3bc447be2e9cd939f069ffd4eede724bf29abe
- SHA256
  
  8c38422b97232b8799d65e9732b749658c02607ce1dc87065b7a4f21688f74ea
- SHA512
  
  451ed4c69e8c44b04ad37cbd1388a71001fa5d10cee206d3d82eac826d5d9396e58c7dd1385c4005dd27af87dd6a5ca0671fe851cda0ca2343e84e0500b7249f
- SSDEEP
  
  1536:Q0k3t3r9J4ZptHP8REK1d/FAOiXgT0mo0EXJklEkfsq1JvQ4qIkVSsGfuQK:mnitK1d/Ff0nfXJk11v9TMp
Score

1^/10
behavioral1 behavioral2
- Target
  
  Injector.dll
- Size
  
  4.2MB
- MD5
  
  68a27849431e11b71217e718551372f8
- SHA1
  
  db2538736e1ed937bdc2b93427083a4ee08aa1f4
- SHA256
  
  013396b470351a86b374aaf26f7c78e8a5757c75e50cd6fc0cbba45125995b93
- SHA512
  
  685297a9b9ec15a0810a299257c743ce4afb9ee94dd4bc8793358c9d38beaf73e1b211559618ca05d1360499c9f29c9718b5ac6c6301728bdfa94a60079e39eb
- SSDEEP
  
  24576:Um5xpVDA3rxGGlCU4PL97jPokjtFLz5N/Hfy2dnHm4L7gelvZkHrrc1dfgFgUinY:M
Score

1^/10
behavioral3 behavioral4
- Target
  
  OnlineChecks.dll
- Size
  
  222KB
- MD5
  
  12c25fb356e51c3fd81d2d422a66be89
- SHA1
  
  7cc763f8dc889a4ec463aaba38f6e6f65dbdbb8c
- SHA256
  
  7336d66588bbcfea63351a2eb7c8d83bbd49b5d959ba56a94b1fe2e905a5b5de
- SHA512
  
  927d785d03c1ee44b5e784b35a09168978b652f37fb73a1a2eeecd3583c28595fb030e8c1f87ab9a20beac4622775777820d1a2ad7219ba8b9ae8b6fbc4568a0
- SSDEEP
  
  3072:VDy7cjwTlCAlW0InMxf08ZyIjSNVnKJ3HzuoX7o+ThTPD0r7NF4jM9Td2xOdj+C9:Vu71TtInMxf08gI2HnKJDuG73JtxE
Score

1^/10
behavioral5 behavioral6
- Target
  
  SbieSupport.dll
- Size
  
  95KB
- MD5
  
  37cbfa73883e7e361d3fa67c16d0f003
- SHA1
  
  ffa24756cdc37dfd24dc97ba7a42d0399e59960a
- SHA256
  
  57c56f7b312dc1f759e6ad039aac3f36ce5130d259eb9faad77239083398308b
- SHA512
  
  6e0bfab9ff44f580f302cabd06fc537a9e24432effd94b50ab696b35f57a61772072b7f9045a9e99fa4bf3bc316f43ea25ab6c87517242e7957eb86575203bed
- SSDEEP
  
  1536:Im0GxwvasFsbgkc+kvtRSmgDzxdXsWZr9dlnVrUv0ukc:Im0hasFs8H+kvtRovrTxVrUv0vc
Score

1^/10
behavioral7 behavioral8
- Target
  
  TieLoader.exe
- Size
  
  33.3MB
- MD5
  
  2aa217540050764de32dc1c775bef856
- SHA1
  
  743b84a1b500e9ba00fdb38fab4d1f7f339da396
- SHA256
  
  dedcc701239ebb01d83a18302291c92397536c26aeb42dae61034c561467364b
- SHA512
  
  5994a44ba2f3dfc88d81d7d82fde4223b99fd8c14e8cbc1b4a4e6ac1db5ae450636437d68ae160f4484a70e1d03af7201ebc45540e42aab6111d2dc3da6a27c3
- SSDEEP
  
  12288:4ncaaxFqyf8yFL/tOG+eNdUoC+fHXrK45sRmC7VdF:acaax4W8+L/QePUnarK4xCBH
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  ToolStatus.dll
- Size
  
  243KB
- MD5
  
  3788efff135f8b17a179d02334d505e6
- SHA1
  
  d6c965ba09b626d7d157372756ea1ec52a43f6b7
- SHA256
  
  5713d40dec146dbc819230daefe1b886fa6d6f6dbd619301bb8899562195cbab
- SHA512
  
  215d6c3665323901d41ae5151908c4e084a04a1558617016f0788194304e066410b92943bd6c119339727037ee02cfda893b9baf5603b2870d9fc5ae0c77ca7e
- SSDEEP
  
  3072:tOHhxKcNnCYBFNFAKIkpgVIgHAuopbQfhVV2aOQE6o0bp94wZOeb299zBw8:UHhrtaV3AuopMMeb21w8
Score

1^/10
behavioral11 behavioral12
- Target
  
  WindowsManager.dll
- Size
  
  400KB
- MD5
  
  6ac5041dde2481a0afe693eb42bc9b0e
- SHA1
  
  a0df99e39322e6f77a423fa4fbd901fd68a316d3
- SHA256
  
  4b5d13505e2ef5617e766e5545b40ca407fb27ad3f0eba56ea96e993a68d9f11
- SHA512
  
  ffcf21542b3aaf090414a540a6a38ee682b5e2acc589a5b72362d866f5b4b4e61349d1af02d3e7ce6187ebfc68c90f40a01335f5e4af1a09ca6776ebce4e674b
- SSDEEP
  
  12288:Z0hCAz+fVDSdxD/iuBqznagsDrNuCwyqWm3dr:Z0hCAz+fVDSdxD/zWn8D5uC9Yp
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14