lumma | e3efb668515451c399aab8e55d8a6977e1a691d8a388fb12cf0c3fe25ee5ec50

General

Target

KRNL.zip
Size

2.8MB
Sample

250102-c7472ayqaw
MD5

116a38fc222ef3b91324598ec93e8d03
SHA1

42f6679486254ac3caa6c65cf30d9597b586a3c8
SHA256

e3efb668515451c399aab8e55d8a6977e1a691d8a388fb12cf0c3fe25ee5ec50
SHA512

f68b71a26c17dcdd68ea8683d072114f9b1aa38dfb95bf9dd20b7a3dc884f8bbb330852507abd72c05e40806e79e37b6a4c5ec53ea5fa46909d8ee87db3019a0
SSDEEP

49152:nfEkBcsjT/TcQvOVnFjfy/AMWQ1XyGZGhLPJhJkwNmRTsfZ+Ykf24/LIzKlbTOUJ:hBcsjfFvWFTyZXhfGpJhJ3A5ejkf2Uki

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

C2

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  KRNL.exe
- Size
  
  687KB
- MD5
  
  7ec34df0a7309de040f3d8377c8b9624
- SHA1
  
  6d94948fcd2473ecc1cc9566f7bbf0904dcfdd17
- SHA256
  
  5b22523ae17968cddb6c6c0c580beec2c79d17e7f263370fb09a8970faee1176
- SHA512
  
  dbafd9e62c18962f4e4b2e2ac2d3551327f30dac3f23653dfd4e548025d694a02c3ee4b752ffb76ebf4110e06647e7a4506b3307778db6f4d676d797981c9524
- SSDEEP
  
  12288:ywTw2cEBlpO0c4WrkJ724yJFJ+lLYg61IOP7tCZwD0diL84AKMFT+23cePtf930l:Pw2cEBlpOkh524yJFAlLGIOzsW0kL8b3
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  d3d9.dll
- Size
  
  1.8MB
- MD5
  
  7b7447b345be7891c781915ffb1f4dce
- SHA1
  
  891a05f75b952880136426f409435ece5d5b7a0c
- SHA256
  
  91e0b91a628c32113dbffd820cbe219a55f54d68b4aedbdcc849c70ee3772223
- SHA512
  
  8976d11781f610360b5c2aad70648107bdbdc1c99cd6a1c146162743312dea56f8a6b0ba35dc040c1a098369eac13a055c7a8157de8611d34b4e79d2c2b213e8
- SSDEEP
  
  24576:1SwHWp3qWhlDzf6uNEQbaYv2KUYPMQlZh9OPXwBxNcBWgskrh8j/2L+qblg9nP:12p3qWjzf6uaYv25LKxH4skdL+qblg9
Score

1^/10
behavioral3
- Target
  
  d3dx9_24.dll
- Size
  
  3.4MB
- MD5
  
  b165df72e13e6af74d47013504319921
- SHA1
  
  c45b192cf8904b7579bbc26c799aa7ffa5cbb1d4
- SHA256
  
  1ec422bd6421c741eef57847260967f215913649901e21dd9c46eb1b3bb10906
- SHA512
  
  859b6cd538735e5cc1c44f63d66b25588ad1ad32202cae606ff95b8c4a80f6a66db9ef7c5d43820010de9334b8bbbfb079939ce89ba0b760f5d651d7fa8268ed
- SSDEEP
  
  49152:oKcfEwqx3mAEXywKYlip1rq1UzMYdBf4Uhn6bZy4rW4uosdBxn7LFU:O8f3R4YN6SrhBpLFU
Score

1^/10
behavioral4 behavioral5
- Target
  
  vcruntime140_1.dll
- Size
  
  48KB
- MD5
  
  7e986e7469d9ab3b1138353418da1793
- SHA1
  
  77903692aae688f6d5b04511d5006c66ce4daf8b
- SHA256
  
  0e560532e721b6938dafe4055eedd0251ba5eb5994cd96937cebbcf16a7ddae5
- SHA512
  
  6c8951ae9a0e329cf32eed8bf32bd83294e7a1cf7f16dd716cedbed4caf39e56e62c5f639091f9711922443ada7dbc61dffcace093211d70a85821f19883cbea
- SSDEEP
  
  768:uzzO6ujT3MbR3vXCz6Sz2q83yvjdsrU9zcgElebe9zVFZ:rq/XU63Cjd9zcZebazDZ
Score

1^/10
behavioral6 behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7