lumma | 4e6b0e43f6c93746bf5b56dea3ac0f53a829be0241e92ce408d6fcc2b46aa696 | Triage

Resubmissions

02-01-2025 03:48

250102-ec2vjatqer 10

01-01-2025 14:35

250101-ryaz6a1mck 10

Sharing

General

Target

Data.exe
Size

5.0MB
Sample

250102-ec2vjatqer
MD5

74eef96b83495be873747419761cd5c7
SHA1

122c4d5a42aa8a2f459f1d24da4f332fc51ae7e9
SHA256

4e6b0e43f6c93746bf5b56dea3ac0f53a829be0241e92ce408d6fcc2b46aa696
SHA512

8d55888151751fd458527df71eeece567baf18ba902ee4d5131a7ddf1c58060da9fd935a2808700620a3ba8442ee2a2f0a897008a3e536495a2a2097b7542511
SSDEEP

98304:0qw/ZzYRr9FUZq1v4zuknXat48n9uweKPhkJzfAxkFp4GT3I:0qw/ZzApiZqSBm59IohmfA+/9M

Score

10^/10

lumma discovery evasion stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Data.exe
- Size
  
  5.0MB
- MD5
  
  74eef96b83495be873747419761cd5c7
- SHA1
  
  122c4d5a42aa8a2f459f1d24da4f332fc51ae7e9
- SHA256
  
  4e6b0e43f6c93746bf5b56dea3ac0f53a829be0241e92ce408d6fcc2b46aa696
- SHA512
  
  8d55888151751fd458527df71eeece567baf18ba902ee4d5131a7ddf1c58060da9fd935a2808700620a3ba8442ee2a2f0a897008a3e536495a2a2097b7542511
- SSDEEP
  
  98304:0qw/ZzYRr9FUZq1v4zuknXat48n9uweKPhkJzfAxkFp4GT3I:0qw/ZzApiZqSBm59IohmfA+/9M
Score

10^/10

lumma discovery evasion stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Enumerates VirtualBox registry keys
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionstealer

behavioral2

lummadiscoveryevasionstealer