lumma | a5555272fa66fe2f94db37088d8092259e37a54301a2b91cc9422a01b4849543 | Triage

Sharing

General

Target

Setup1.zip
Size

3.3MB
Sample

250101-t7264svrgr
MD5

5b023bda27e08e2c40ed972be837969f
SHA1

5369bc1bdb07d9fa0f63b6579a6e1e8c900c01f5
SHA256

a5555272fa66fe2f94db37088d8092259e37a54301a2b91cc9422a01b4849543
SHA512

be3f526f45ea0bb760d1fd5b580f0bf67ae59b076e8cfb1e1434ceddbf4d768e1914b639a86bc2c53fc83227496fc9e794f0bd5c73964b41e0d3868ac8629f0e
SSDEEP

24576:wxXFnz+OetsrXJcgedHechmKNYtwYblqCb/nC5QM+4xIniFvp:YXFnzRee5cgedHecHNYuYQC/lniZp

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Setup1.exe
- Size
  
  800.0MB
- MD5
  
  461a5ca27a2d0d428bc517fcb93f3701
- SHA1
  
  bbfb38709c5cec699324946affe78e27b3bc903a
- SHA256
  
  8e20b9602cc7ed5038a703a67ea1610d4f32d4bd7aee8a194b987d6bc822ab18
- SHA512
  
  f1a6b37d84b9969c0237f3e280b370b8cadc9529c70bed4a6b00f1cdd8932993f7001e462a6a259d59ea673b0d92248f0e181967876471d4e9a57dbf3a610507
- SSDEEP
  
  24576:rT8mXFzz+aetsr5J+uCd/ecbmyrYtwY/l4C3x3C5yyw+veViFh:vlXFzzTee/+uCd/ec9rYuYuwx55i
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer