lumma | 1aa5e6d6344ab746bafa98782b941f3ff7cf60d98a38bd50111789000597c75c | Triage

Sharing

General

Target

appFile.zip
Size

23.1MB
Sample

241231-ts35vsylbz
MD5

4950f7556df1dc0ee71e793107a610ab
SHA1

cc130072393fc21025ec1c7646772cfd7d3645b3
SHA256

1aa5e6d6344ab746bafa98782b941f3ff7cf60d98a38bd50111789000597c75c
SHA512

d0d3b570adab492659b9454fa65037d19d7bd8048c14f5f5f86802dcaf8290090865c8734ba2acaf854bbd35fe66dcc074b8e04a1ab60deaa11aebca6aedb5bb
SSDEEP

393216:fPBOuDkw6+w1BaW2h++JZozI/gSlmzaB+F9sRANoUPPeacm1WvmwSUAnevsJB9Ww:fpOuHw1AWR+JZovzaB61NfPPlkg9W/t2

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  appFile.exe
- Size
  
  819.2MB
- MD5
  
  4fcc72c433dddb6c3458ff947f423c10
- SHA1
  
  8469e0b7b8ce20ff0721676097b9e1d20e1eb2ef
- SHA256
  
  3bfa35907c5a97cd0d26478f3afd84286bf7655ce27adf245a83eb10cd70307c
- SHA512
  
  896b5257818ba053c07d1061d24d82aa79046b902d8f79ce38a4a72617fed476dfc856c93a466713f9df2e09b3d56e3a4bc33ec1984f92a5d6529f1738518270
- SSDEEP
  
  196608:1cfuoGxnRoht78USnoSfgPSulo5Ud3334MznYNRXgXq+e5wXlFYcpwEYEa7QMDJt:+fthfSnPqwhMty9T5ZHO24+72ceyf
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer