Analysis
-
max time kernel
95s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
01-01-2025 19:44
General
-
Target
Setup.exe
-
Size
71.4MB
-
MD5
abda8cea9c2d8bc35847d4d189f61f2e
-
SHA1
ce38f933a30778130b53792109531056dfe7c03c
-
SHA256
844b0fdfa66fd6d10179b74ae064c30624581a833bf1eb759e03fd2c664bae03
-
SHA512
054036d0f81216efb7e0469abf62cbb3cdd06406b6a25778d6a1557bf8774f7f27d97e5bb9513b54a4f9a7cd8da1cab3e8bf2630e686f71454c0ff54f566cab4
-
SSDEEP
12288:c9YadW8cfnpp2pd9VvvCbs492tkIMi88hmXF8hMvW+I8uwqPwc7X2BoA/yW93BnY:MdW88nTb92LMX8oXF8hBgqYcJ
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
Extracted
lumma
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
324KB
-
Filesize
324KB