General
-
Target
Set-up.zip
-
Size
3.8MB
-
Sample
250101-zspv5awmhp
-
MD5
0eccbcabfb89ccad95cd8d30a8051bb6
-
SHA1
c36ebfb44f6c5a1896cbfd3fb3e6482b5dde38c9
-
SHA256
0d779a0cf6d433cdf1fcf8f97ae456c60021fdeb8a080c505267f5bfd3b1c4af
-
SHA512
63587f6363d6910570ed2700b2c7b199321cd6747336ae91360ebe3e320cd5e037c24ebd27c9c755ce7be2334255fed7ff3f19fdfe95771e7b8882afaf7ed436
-
SSDEEP
24576:f6t8xfXqSG/r9xoQh2sl39HBJ6Bb9UNTJUKf72SCYyEo77pyuVl:f6cqSyBVl39HCEN/yDBVl
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
Extracted
lumma
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Targets
-
-
Target
Set-up.exe
-
Size
800.0MB
-
MD5
789f5d29d14845fcd589b2fc0b851334
-
SHA1
94a07132472f16b411333111c2d0f6057329088f
-
SHA256
fdcae90a93bc31967bfefa7ccbb093e2bd084e94959d72d3676c48fa7108d697
-
SHA512
36666deae33a8e1838183ee7100e8fdd56b7ef67eae0922fe4286d789ede47cd0cffaf46a953f3a212bfef4435e00ee59e73518530c8fc6b1a09dda74de35397
-
SSDEEP
24576:oJyQxTjqSG9r9B4Qr26l3jHxJ6Bb92rNJUoF72SauEEO7b9yHh3H:2bqSKnxl3jHSMl1EjMX
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Enumerates processes with tasklist
-