lumma | 108e409db3e36214739539bfa44a7ef62f588e60e38e79e68202dece3ae99319

General

Target

redENGINE-FiveM-main.zip
Size

988KB
Sample

250102-296w3szkbx
MD5

cef4f748c6a583149b648fd1bdb41469
SHA1

66ff4b059c7a2a395c4b920d5e54de7928afb584
SHA256

108e409db3e36214739539bfa44a7ef62f588e60e38e79e68202dece3ae99319
SHA512

d519e97095d3c774143a0fbadab3fc486e237354bfd00e9644a963332213badb417538876d51b60a1dc399480e1deb43d3a1c1c5926a60fcc14ce5c0bca2f375
SSDEEP

24576:VUGpuVhxFetCJgTWJQmrfjNiVrGroGxgkIKgo:VvuPx4tCJgaJf/NqrGMGxUdo

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Targets

- Target
  
  redENGINE-FiveM-main/Loader.exe
- Size
  
  393KB
- MD5
  
  3c4161be295e9e9d019ce68dae82d60a
- SHA1
  
  36447fc6418e209dff1bb8a5e576f4d46e3b3296
- SHA256
  
  0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d
- SHA512
  
  cfa2d491a5d28beb8eb908d5af61254ac4c4c88e74c53d5d00ae15ef0731df1654304199996545d1074814c0ea8a032957b28d70774f05347616428e667f70e6
- SSDEEP
  
  12288:ndoOphZgRZGJZzu/aeZjl5FeBTCVpgTfR:ndl/QZGTuHhjFe1C3gt
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  redENGINE-FiveM-main/license.dll
- Size
  
  1.2MB
- MD5
  
  36dea25d49b9dff21acebface8ea2044
- SHA1
  
  5bd97162bc98e36c124811c360dbf29c6233405e
- SHA256
  
  d960a2eac5e7f1aa04e9f8d0da4eb9bb0b097ca58d0ce83ea1bb8351baf26301
- SHA512
  
  64f06db24297e30d7ec91d3cf9ccc33f28eb9041e463933866b09de0d138d964505aa38f32158be5e5491e4aa68d8ae77bccce9c068e5980d2281a24294bccf8
- SSDEEP
  
  24576:1iE0l9oS0Cl/9qZPcYJZEiDO3ytIPMunHuGKFufrrH1:YE0l1ZlVsPc06i63aIPZnBX
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2