lumma | 8f90648143c92c8780cf076b716225ce76fe07e48c10ff5d1d24ed8938791511

General

Target

SmokeySpoofer-main.zip
Size

748KB
Sample

250101-1hlldswjat
MD5

4807068938430adcad94ae1f70444acf
SHA1

439c19db57e1636a3a8bdc593ef82d93688ef216
SHA256

8f90648143c92c8780cf076b716225ce76fe07e48c10ff5d1d24ed8938791511
SHA512

715119fe906f1247a12bfd94575046630041ffe2983ff2cc57c3d3f1f658bb8bfad0e8e4252442b6fdce0b68afa731f62a2c230bd4c6f1b89a7f0dbd08e17700
SSDEEP

12288:tieNFD5T5vTBkA6gAksiz/YbxZxCXUxYAuTV8wQWCPmHMHPXHek:timZt5tkNOsn4XeITV8wQ+sfek

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Targets

- Target
  
  SmokeySpoofer-main/SmokeySpoofer/Auth.cs
- Size
  
  1KB
- MD5
  
  1e8fef6386f0c75e069aa1db7dd94825
- SHA1
  
  21fa06bdbd33fa0d989b3cf18f97402055484d58
- SHA256
  
  f03759509e24bc267fcbb4d9c2a4dd76c7017095f41ea279024ddef00659802d
- SHA512
  
  1878568d5743d10ac8e8f7346551d9e66cad0656b4b2ae47c56d5aa456f2e13022d5d94db0b558887b70113f50fd40df321e27c11a61d7162a52fe66fdc171fc
Score

3^/10

execution
behavioral1
- Target
  
  SmokeySpoofer-main/SmokeySpoofer/Auth.resx
- Size
  
  83KB
- MD5
  
  ef63cc8ac4644f7e44a9029e083182cd
- SHA1
  
  ca48aecb89f2ce0b69fedec48f42fa0527ff7277
- SHA256
  
  f7fb2824950d0f3a7f37b363bb10e7654206a710d802be7b1ab1a32750e8ed8f
- SHA512
  
  06c4ca3d501a03fd3823c29c3472d4824bc324d5e52681281dbb467974e53d9a8a2ce687e66705db829a70629495108ef58c667448956c38caf6b9d4e70ca2ba
- SSDEEP
  
  1536:ZfIiWxYUeXEnvxXFVO0vnOXr2hVifuP1bKcoReY9w3Y7hkDj5/:ZfIJYUsYvW2hVigOcon9w3Yla
Score

1^/10
behavioral2
- Target
  
  SmokeySpoofer-main/SmokeySpoofer/Main.resx
- Size
  
  83KB
- MD5
  
  ef63cc8ac4644f7e44a9029e083182cd
- SHA1
  
  ca48aecb89f2ce0b69fedec48f42fa0527ff7277
- SHA256
  
  f7fb2824950d0f3a7f37b363bb10e7654206a710d802be7b1ab1a32750e8ed8f
- SHA512
  
  06c4ca3d501a03fd3823c29c3472d4824bc324d5e52681281dbb467974e53d9a8a2ce687e66705db829a70629495108ef58c667448956c38caf6b9d4e70ca2ba
- SSDEEP
  
  1536:ZfIiWxYUeXEnvxXFVO0vnOXr2hVifuP1bKcoReY9w3Y7hkDj5/:ZfIJYUsYvW2hVigOcon9w3Yla
Score

1^/10
behavioral3
- Target
  
  SmokeySpoofer-main/SmokeySpoofer/Properties/Resources.Designer.cs
- Size
  
  2KB
- MD5
  
  d64bcae8319b6882b8e0f08dc5701d7e
- SHA1
  
  c4453f0461d9ccc1fdb59b42bf63501e7323b52c
- SHA256
  
  a50d58093c8037cd4e5e6c2b5c033f7c69d5556abe64b6e84990a244f63e696d
- SHA512
  
  ba8127b4d4663c89fcfb4c8499a6b44646e5665c3e53d46d257ccdb4c41a27307f27817362c23cd2ea285cfbfc6189291a897816c487f7412df8a10734c9438f
Score

1^/10
behavioral4
- Target
  
  SmokeySpoofer-main/SmokeySpoofer/Properties/Resources.resx
- Size
  
  5KB
- MD5
  
  c07716633f086d91759ae32a18996a1a
- SHA1
  
  bf3383c20acf6e64ce49f120938456161e5f6cb9
- SHA256
  
  4e124f5a7694ffe813c60601b1b73c53e47536b1f1c0e798d4d55bfc2ca3774f
- SHA512
  
  c6ad0ec603ff69d2d1b787db9426f29d44ea1ba45cf1d2b7ec41cc2bd6d5c93af8d2299139cc1c5d10d56718f36daa37d544f8d5411fad91a72efc2e70454cdf
- SSDEEP
  
  96:ECf+lbD5X5LPXCazYV5Lv6K6uOidfaxwsxuUPFE3qxdRMvDTursrbLAy202W:Zf+tLPfYnLvFVOiFQaUR6
Score

1^/10
behavioral5
- Target
  
  SmokeySpoofer-main/SmokeySpoofer/SmokeySpoofer.exe
- Size
  
  550KB
- MD5
  
  ee6be1648866b63fd7f860fa0114f368
- SHA1
  
  42cab62fff29eb98851b33986b637514fc904f4b
- SHA256
  
  e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511
- SHA512
  
  d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a
- SSDEEP
  
  12288:SQ5vTleU6iA6AiJ/uJxZjUXUxYcuORWETWOORGzbZr4QClJJRJAr6Ok:SQ5pexaALoXe4
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

JavaScript

1

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6