lumma | 673e0efee492a6a82afcce12545c4a2d46a1e9e827c33b7a1e9f0a904656a458 | Triage

Sharing

General

Target

gdi32.dll
Size

431KB
Sample

250101-3mxkkasrhn
MD5

64c287959ff0dbd10db81bded030a3a1
SHA1

acf88011455fc98d0de186520b4ddde5d1cf5f75
SHA256

673e0efee492a6a82afcce12545c4a2d46a1e9e827c33b7a1e9f0a904656a458
SHA512

d7ca03f8032e7c9d5882ead046c33388d5ebba5923abd95c3c535945ba4aa8a1fe6e47d116dd9376c6717a36bff5ac0d0dcfc599526a5fc89d81c3fd3b0517c2
SSDEEP

12288:Op8zdbqWi+wkHXZa+PkbCo0GDLob06QUQDCP2/lSWM5W:OGA+DHXZ10do06QUQDB/lU

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

- Target
  
  gdi32.dll
- Size
  
  431KB
- MD5
  
  64c287959ff0dbd10db81bded030a3a1
- SHA1
  
  acf88011455fc98d0de186520b4ddde5d1cf5f75
- SHA256
  
  673e0efee492a6a82afcce12545c4a2d46a1e9e827c33b7a1e9f0a904656a458
- SHA512
  
  d7ca03f8032e7c9d5882ead046c33388d5ebba5923abd95c3c535945ba4aa8a1fe6e47d116dd9376c6717a36bff5ac0d0dcfc599526a5fc89d81c3fd3b0517c2
- SSDEEP
  
  12288:Op8zdbqWi+wkHXZa+PkbCo0GDLob06QUQDCP2/lSWM5W:OGA+DHXZ10do06QUQDB/lU
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer