lumma | 403eca5a2ba82d0195197853d896c2bd1b13297fc4fe9e8ffd732b6fab3fdef4

General

Target

ROBLOX Cheat.zip
Size

21.3MB
Sample

241231-s1prrsxjav
MD5

f292a7b52c861a26b1ba1611499bddde
SHA1

f6398a6ab23d51dd5b1eac2f72a49990306e1f99
SHA256

403eca5a2ba82d0195197853d896c2bd1b13297fc4fe9e8ffd732b6fab3fdef4
SHA512

e9acb37910af2b5be7c07be32977316dd318a242e30927914d1477bb4b347bc02fb9b83c283a5f3ffb3dea8c85b9092d55a6eab8e14c58abf74c55730a501b34
SSDEEP

393216:COCMj1RUE3bUXOb5xklPBCNyYzE9t8svlUhnwXG3+iho0r4nMrJzcNars:COL7rUSbGY89WPh6tK4neJQNGs

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://ingreem-eilish.biz/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  ROBLOX Cheat.zip
- Size
  
  21.3MB
- MD5
  
  f292a7b52c861a26b1ba1611499bddde
- SHA1
  
  f6398a6ab23d51dd5b1eac2f72a49990306e1f99
- SHA256
  
  403eca5a2ba82d0195197853d896c2bd1b13297fc4fe9e8ffd732b6fab3fdef4
- SHA512
  
  e9acb37910af2b5be7c07be32977316dd318a242e30927914d1477bb4b347bc02fb9b83c283a5f3ffb3dea8c85b9092d55a6eab8e14c58abf74c55730a501b34
- SSDEEP
  
  393216:COCMj1RUE3bUXOb5xklPBCNyYzE9t8svlUhnwXG3+iho0r4nMrJzcNars:COL7rUSbGY89WPh6tK4neJQNGs
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2