lumma | 55ff23173fd9a290f2d8a8821bad30e41be053f755e609ca568f315a9395e6a2 | Triage

Sharing

General

Target

exlauncherv2.3.zip
Size

4.1MB
Sample

250101-vllsnswpgj
MD5

7621aa3367c2587b12e90a81f87a8faa
SHA1

3f2fc7625fc6095606fa74cd1d15d04f420b96e8
SHA256

55ff23173fd9a290f2d8a8821bad30e41be053f755e609ca568f315a9395e6a2
SHA512

d76b10c602139b534b90dd7cc6858ee4bc5f27659e7bd95db3dd0bf6b04ba247d41766fbaf9c3ff5a7a9bb7c4517c590e5937a58ec79ea57ea1be6623e6122b3
SSDEEP

98304:/+j46QHpulKcYM6a6qMuFBMaCxPxgoA6LhwzdDuAALM:/QculKc36g9LCxP86LjLM

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

Targets

- Target
  
  absetup42.rar
- Size
  
  4.1MB
- MD5
  
  1e966c8b75ed5be8ba01bc9af3551fc1
- SHA1
  
  72dfd7ea793f824843d5434ac713584f1366ac13
- SHA256
  
  13cdeaca73ff9befeb4fda4e68a9e73bd264d13ade4e2e3f8e459b974586dcf1
- SHA512
  
  201e3c89558689a4e92375a6f416d54aa48b2ff2baf1fd8adb65be3eda23e0d110875c118d9bf744a707a7e6864c9f3a7c8b8e32b9a24963061c1fd6d591c301
- SSDEEP
  
  98304:F+j46QHpulKcYM6a6qMuFBMaCxPxgoA6LhwzdDuAALJ:FQculKc36g9LCxP86LjLJ
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  7zxa.dll
- Size
  
  221KB
- MD5
  
  04d3e794624a82228a7e683fdf22e182
- SHA1
  
  114b74e926913bb0a588e671025f9eb38e8b854b
- SHA256
  
  db3d0484228ed14ad8d3763f4880d36024fb27b189c91720ff147b92d46bcb5a
- SHA512
  
  b5767971f9075b5e483f9e77dcb50637eb81d70da86d655a230da6ad3dc5337d2a08038261f32e3867fde68fd33bf23a75b50e0381762becb46e859404e78d82
- SSDEEP
  
  3072:+ftOtcS7lCZc9Ltue1C+zV2zUmiRvgWDFSaRPQIDCuPK1gSBvAGfPFjaRv+PB7PT:etViwgLtun+soC1vx2Hr0/NG1E
Score

1^/10
behavioral3 behavioral4
- Target
  
  Data/Updater.ex
- Size
  
  414KB
- MD5
  
  a341d9bfaae6a784cb9e2ea49c183fb4
- SHA1
  
  d061c12dffa6a725f649dae49c99f157e93bb175
- SHA256
  
  52416bb8275988aa5145be6359b6c6a92e3c20817544682c2c1978b50ff2052c
- SHA512
  
  9dff4ba2abf889c9f9e71da1f91abdde1742a542b53e8c289e011113e1bcb86d4b1aaf5e7aadf97aa5ed36ab50227295e27ce700d30524f7198fd8f3928c36a2
- SSDEEP
  
  3072:bebeJQsqiaJnFdHfQoB9bls1YxRz5QZ1y+ymaQfA30KQBhYJXv4M4Mz07ROZH1pH:jh+nf4+tG/vyohq4M4M4gl7T
Score

1^/10
behavioral5 behavioral6
- Target
  
  Exlan_setup_v3.1.2.exe
- Size
  
  671.8MB
- MD5
  
  0a3b8862e11a77eefc443c202ecc8336
- SHA1
  
  a388e011c3aa07a45f269a2ebf5b9e1fab235ef4
- SHA256
  
  fe5117d476a540ae72ba713ae4781c2cb9ffa12503b34a527ad3ca7853de4929
- SHA512
  
  2b1aa70e48ca5528d2b8f4583ab9a2f7f203028693bbc768442804808860e3be6adaaf77a442bf2d51b5e4f2bfbe41daf16a93a206a7cc7e8b660091e1fa03f3
- SSDEEP
  
  49152:4NuYWEYKkHFfTvBJEvUf2vtY7uRfbQswUZcSByYGv5uuv/DYi35PB+MTRx2VT4Gt:4NhWqQFfTjEvUfH7ul5ApZdel
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

lummadiscoverystealer