lumma | 4fe94c690f55a836f5bb5070c0bd9b47a0eeeac1c80ca8160dad85f6604e9768

General

Target

Xeno.zip
Size

2.9MB
Sample

241231-x2eemsvnay
MD5

c01123a36f77b6db255860287d8c5657
SHA1

f65d190837d7ce2edeea3fbf8da4a0c37c11726b
SHA256

4fe94c690f55a836f5bb5070c0bd9b47a0eeeac1c80ca8160dad85f6604e9768
SHA512

38a2cc861b451918f003aff6983f439c403e6b9df10e4d6876763c084c1c584998dce32d4091f6712871c0d21ba17ab6989d10c7c1ac602738c4d93c0c647a69
SSDEEP

49152:nfEkBcsjT/TcQvOVnFjfy/AMWQ1XyGZGhLPJhJkwNmRTsfV2LS22zYd+r+rSFRlw:hBcsjfFvWFTyZXhfGpJhJ3A5ej22EArw

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

C2

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Xeno.exe
- Size
  
  720KB
- MD5
  
  dea32ffbc87664069813695a8d3d1b64
- SHA1
  
  6593096f605fe052367f47bcb475b39b96a6467d
- SHA256
  
  cead1fad9fa0ac918eb11991ca27fb7ba11c1546d05fc0c9f85cdd9603229eb2
- SHA512
  
  3318a145614124ea22fc8964ea7e70228d31bed024313a1a5e0b2dc3c607398b11445428e2d87abfa15b18f1de3313319b22be26dda18331ab5d1951496bf7b1
- SSDEEP
  
  12288:p7uCt1wYZ2rhSB20AJw2uNuS3LHb4hhHK+Bx+B8NdZJWIjeFFQC5Qla7agUkzRvQ:pqU1fUhSsEbMG6dK+BxC8N7wISFFf
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  d3d9.dll
- Size
  
  1.8MB
- MD5
  
  7b7447b345be7891c781915ffb1f4dce
- SHA1
  
  891a05f75b952880136426f409435ece5d5b7a0c
- SHA256
  
  91e0b91a628c32113dbffd820cbe219a55f54d68b4aedbdcc849c70ee3772223
- SHA512
  
  8976d11781f610360b5c2aad70648107bdbdc1c99cd6a1c146162743312dea56f8a6b0ba35dc040c1a098369eac13a055c7a8157de8611d34b4e79d2c2b213e8
- SSDEEP
  
  24576:1SwHWp3qWhlDzf6uNEQbaYv2KUYPMQlZh9OPXwBxNcBWgskrh8j/2L+qblg9nP:12p3qWjzf6uaYv25LKxH4skdL+qblg9
Score

1^/10
behavioral2
- Target
  
  d3dx9_24.dll
- Size
  
  3.4MB
- MD5
  
  b165df72e13e6af74d47013504319921
- SHA1
  
  c45b192cf8904b7579bbc26c799aa7ffa5cbb1d4
- SHA256
  
  1ec422bd6421c741eef57847260967f215913649901e21dd9c46eb1b3bb10906
- SHA512
  
  859b6cd538735e5cc1c44f63d66b25588ad1ad32202cae606ff95b8c4a80f6a66db9ef7c5d43820010de9334b8bbbfb079939ce89ba0b760f5d651d7fa8268ed
- SSDEEP
  
  49152:oKcfEwqx3mAEXywKYlip1rq1UzMYdBf4Uhn6bZy4rW4uosdBxn7LFU:O8f3R4YN6SrhBpLFU
Score

1^/10
behavioral3
- Target
  
  vcruntime140_1.dll
- Size
  
  48KB
- MD5
  
  7e986e7469d9ab3b1138353418da1793
- SHA1
  
  77903692aae688f6d5b04511d5006c66ce4daf8b
- SHA256
  
  0e560532e721b6938dafe4055eedd0251ba5eb5994cd96937cebbcf16a7ddae5
- SHA512
  
  6c8951ae9a0e329cf32eed8bf32bd83294e7a1cf7f16dd716cedbed4caf39e56e62c5f639091f9711922443ada7dbc61dffcace093211d70a85821f19883cbea
- SSDEEP
  
  768:uzzO6ujT3MbR3vXCz6Sz2q83yvjdsrU9zcgElebe9zVFZ:rq/XU63Cjd9zcZebazDZ
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4