lumma | 384bf5ea71114839e9a56810b7e32a89e678cd80387cad1ff4a9b9766a6674f5 | Triage

Sharing

General

Target

2025-01-02_d6e31d250c883d0d3cb64cccde6be8f8_hijackloader_luca-stealer_magniber_metamorfo
Size

36.2MB
Sample

250102-b588jawpfx
MD5

d6e31d250c883d0d3cb64cccde6be8f8
SHA1

384c8df3c3bf7a461242f60b014883556d10cd72
SHA256

384bf5ea71114839e9a56810b7e32a89e678cd80387cad1ff4a9b9766a6674f5
SHA512

0d97b7ef5bb666c761a7447c46c9890405b7fcdd1b44e2aaf46af65fe50081fb367dbbf2e4f5c64dde01877483922fe93e47d1a6d41b3989e9111147b2769a71
SSDEEP

786432:vKZYengQODTqpkH7a0+RQCI4ZUXKNZMpSxW1IjOZU3ZzBvSix:/TC0+RQCIoMpSxTZFvSix

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://servicedny.site/api

https://authorisev.site/api

https://faulteyotk.site/api

https://dilemmadu.site/api

https://contemteny.site/api

https://goalyfeastz.site/api

https://opposezmny.site/api

https://seallysl.site/api

https://studentyjw.cyou/api

Targets

- Target
  
  2025-01-02_d6e31d250c883d0d3cb64cccde6be8f8_hijackloader_luca-stealer_magniber_metamorfo
- Size
  
  36.2MB
- MD5
  
  d6e31d250c883d0d3cb64cccde6be8f8
- SHA1
  
  384c8df3c3bf7a461242f60b014883556d10cd72
- SHA256
  
  384bf5ea71114839e9a56810b7e32a89e678cd80387cad1ff4a9b9766a6674f5
- SHA512
  
  0d97b7ef5bb666c761a7447c46c9890405b7fcdd1b44e2aaf46af65fe50081fb367dbbf2e4f5c64dde01877483922fe93e47d1a6d41b3989e9111147b2769a71
- SSDEEP
  
  786432:vKZYengQODTqpkH7a0+RQCI4ZUXKNZMpSxW1IjOZU3ZzBvSix:/TC0+RQCIoMpSxTZFvSix
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer