General

  • Target

    ♣⇌Uρδα†ε♣$ε†μρ♣Α¢¢ε$$_₵◎dε♣9192.zip

  • Size

    24.4MB

  • Sample

    250101-ynec6a1nbs

  • MD5

    0da63feadc2cef1d026ee9e10f50d5f6

  • SHA1

    233650008f009653b31b9c97dec936be0ff8e24d

  • SHA256

    d4d34becb34c1f0a8d6a6d840305325ae24aa55288b2074c15ce130d911c07d4

  • SHA512

    cbc80aaaaaf108e6be3d28e834bc7295cd88800a23f6a4afd379dd6be46519c5cb4fb44cf9701527be782f2aaf7e11e7c9ac0bd1c0da9224bf0df00c679906f5

  • SSDEEP

    393216:V7rZL+HshClf0srZL+HM9Y75hUHdirCIZXFdgYRBiq9arFQND/iA0uLhlulydCHe:6Hkm0HM9yhMozFv9a+9iEtdsS3Wit

Score
10/10

Malware Config

Extracted

Family

lumma

C2

Targets

    • Target

      ♣⇌Uρδα†ε♣$ε†μρ♣Α¢¢ε$$_₵◎dε♣9192/Setup.exe

    • Size

      12.0MB

    • MD5

      a7118dffeac3772076f1a39a364d608d

    • SHA1

      6b984d9446f23579e154ec47437b9cf820fd6b67

    • SHA256

      f1973746ac0a703b23526f68c639436f0b26b0bc71c4f5adf36dc5f6e8a7f4d0

    • SHA512

      f547c13b78acda9ca0523f0f8cd966c906f70a23a266ac86156dc7e17e6349e5f506366787e7a7823e2b07b0d614c9bd08e34ca5cc4f48799b0fe36ac836e890

    • SSDEEP

      98304:ReAtQzKADvk/9TEaImN9/tiHBIn8c3hCEFRUTaZnPZOtXwH:ReAOWOM/FE1mNHiFc3hr7UTaZnhOtXwH

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks