General
Target: e632a1a9e9c8a1492a05c5293cfce1279bd1406e619ea26ef70dfe37c0982692.exe
Size: 19KB
Sample: 241231-mz1jzszjdr
MD5: 53f9e29dc09bd5d1657128430799beed
SHA1: 7960028c2c51f5cb15f94fca2c37190e720b5b00
SHA256: e632a1a9e9c8a1492a05c5293cfce1279bd1406e619ea26ef70dfe37c0982692
SHA512: 4d9511bb923cd6a6b96cd85fae3d56d4946dcc99125d0dffb81973a78456179cde131f63864a20840b54e6bbdc1727ec9f7cb869a0dcf9e352ba53100b0e96bf
SSDEEP: 384:ZRwzDLmCMw4mbE9EnLULXIQERC7UB4knNSVrmhy:ASCbbZwERC7UB4knNSpKy

Static task: static1
Behavioral task: behavioral1
Sample: e632a1a9e9c8a1492a05c5293cfce1279bd1406e619ea26ef70dfe37c0982692.exe
Resource: win7-20240903-en

Malware Config
Extracted: lumma
Targets
Target: e632a1a9e9c8a1492a05c5293cfce1279bd1406e619ea26ef70dfe37c0982692.exe
Size: 19KB
MD5: 53f9e29dc09bd5d1657128430799beed
SHA1: 7960028c2c51f5cb15f94fca2c37190e720b5b00
SHA256: e632a1a9e9c8a1492a05c5293cfce1279bd1406e619ea26ef70dfe37c0982692
SHA512: 4d9511bb923cd6a6b96cd85fae3d56d4946dcc99125d0dffb81973a78456179cde131f63864a20840b54e6bbdc1727ec9f7cb869a0dcf9e352ba53100b0e96bf
SSDEEP: 384:ZRwzDLmCMw4mbE9EnLULXIQERC7UB4knNSVrmhy:ASCbbZwERC7UB4knNSpKy

- Lumma family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger