General
Target: file.7z
Size: 16.7MB
Sample: 250101-znrtxswlbk
MD5: 71bfa786fdb8a48a818b3e484d617930
SHA1: 0e21aa75ae496cc13555d7a9aad9b4f28d03eab7
SHA256: e78d116ef45c71f6d09c72c2db3f747561feb83506a029a27cfa5612924d327f
SHA512: 4918f43c7c8eb1ccce264061bec6bc4dbbbe077c122b603839e638be901c02824e0c64094a090d966c4edc0a3b5e4f5cb474c5e5dbef828d68bccc2772b81e6d
SSDEEP: 393216:yEPI9OSCtHjHBP/DKJydeWA5KPaX18R+0zOxU7zFL5k+Lfy3a8XOURi:rPxntHjhXOJKOKyiR+BxUHFHzmdi
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Extracted: lumma
C2 URLs:
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
Extracted: lumma
C2 URLs (a second extraction; seven of the eight endpoints above, listed in reverse order, with nearycrepso.shop absent):
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Targets
Target: file.exe
Size: 779.4MB
MD5: 48a252ed8004a6b79601d0d282a84cba
SHA1: 09354005be631cc4fdd5376e87862507bddd4699
SHA256: 3e385223250225135232ef995cc22fb6558c9a4ea006fe697978c0353df8cd5a
SHA512: 9aa454a7c12ba0f7803c6d81c93c1ff84f3c465d12607c18138149392ea2137e260b0088fa39b9504c58e863d797f96264cb093c60ae1370a9512c12cd84e9e7
SSDEEP: 393216:ll6tO1HqSFgG/kEl17Ltw8OgKZp/rsX2bnAjcSmvPv:b6tOLF7/q8Og4+2DAov
Note: the 779.4MB executable unpacks from a 16.7MB archive, a ratio of roughly 46:1, so most of the PE is highly compressible content. Scanners and sandboxes that enforce an upload size limit may reject the raw executable; the archive is the practical artifact to submit and to hash-match against.
Lumma family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check so the payload does not run in excluded regions.
Executes dropped EXE
Loads dropped DLL
Enumerates processes with tasklist
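The C2 endpoints and sample hashes above are the actionable indicators in this report. The script below is an added example, not part of the report or of any sandbox tooling: it embeds those indicators, matches hostnames from DNS and proxy log lines against the C2 domains (including subdomains, while rejecting look-alikes such as notrabidcowse.shop), and checks file contents against the listed SHA256 values. The log line format (timestamp, source IP, record kind, target) and the sample log lines are constructed for the example and are not from the report.

```python
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs as listed in the report's extracted Lumma config.
LUMMA_C2_URLS = [
    "https://cloudewahsj.shop/api",
    "https://rabidcowse.shop/api",
    "https://noisycuttej.shop/api",
    "https://tirepublicerj.shop/api",
    "https://framekgirus.shop/api",
    "https://wholersorie.shop/api",
    "https://abruptyopsn.shop/api",
    "https://nearycrepso.shop/api",
]
LUMMA_C2_DOMAINS = {urlparse(u).hostname for u in LUMMA_C2_URLS}

# SHA256 values from the report, mapped to the artifact they belong to.
SAMPLE_SHA256 = {
    "e78d116ef45c71f6d09c72c2db3f747561feb83506a029a27cfa5612924d327f": "file.7z",
    "3e385223250225135232ef995cc22fb6558c9a4ea006fe697978c0353df8cd5a": "file.exe",
}

# Assumed log layout for this example: "<ts> <src_ip> <dns|proxy> <target>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<kind>dns|proxy) (?P<target>\S+)")


def hostname_matches(host, domains=LUMMA_C2_DOMAINS):
    """True if host equals an indicator or is a proper subdomain of one.

    The leading-dot check stops 'notrabidcowse.shop' from matching
    'rabidcowse.shop'; a trailing dot (absolute DNS name) is tolerated.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def defang(host):
    """Render a hostname so it is not clickable in a report."""
    return host.replace(".", "[.]")


def scan_log(lines):
    """Return (timestamp, source, matched host) for every line that hit a C2 domain."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # line does not follow the assumed layout; skip it
        target = m.group("target")
        # Proxy records carry a full URL, DNS records carry a bare name.
        host = urlparse(target).hostname if "://" in target else target
        if host and hostname_matches(host):
            hits.append((m.group("ts"), m.group("src"), host))
    return hits


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def identify_sample(data, known=SAMPLE_SHA256):
    """Return the report artifact name if data hashes to a listed SHA256, else None."""
    return known.get(sha256_hex(data))


# Constructed log lines for demonstration; not taken from the report.
SAMPLE_LOG = [
    "2025-01-01T12:00:01Z 10.0.0.5 dns cloudewahsj.shop",
    "2025-01-01T12:00:02Z 10.0.0.5 proxy https://cloudewahsj.shop/api",
    "2025-01-01T12:00:03Z 10.0.0.7 dns www.example.com",
    "2025-01-01T12:00:04Z 10.0.0.9 proxy https://cdn.rabidcowse.shop/api",
    "2025-01-01T12:00:05Z 10.0.0.9 dns notrabidcowse.shop",
]

if __name__ == "__main__":
    for ts, src, host in scan_log(SAMPLE_LOG):
        print(f"{ts} {src} -> {defang(host)}")
    print(identify_sample(b"not the sample"))  # None: constructed bytes, no match
```

To use this against real data, feed `scan_log` an iterator over your DNS or proxy export after adapting `LOG_LINE` to its field order, and pass the bytes of a suspect file to `identify_sample`; the SHA256 match is exact, so a repacked or padded variant of the executable will not match and still needs the network indicators.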
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (1)
Subvert Trust Controls (1)
Install Root Certificate (1)