lumma | 6e0159a0233ef56f1247f4da6bdadad8872b6d6e27f75ba116303b9a82e81e33 | Triage

Sharing

General

Target

DansMinistries.exe
Size

300.0MB
Sample

250102-hbev6a1jhq
MD5

27c429268a7d9f49b217dd5c2b5f3361
SHA1

d2882c3cba0f3a74a1a39ab1c03d08ef04275825
SHA256

6e0159a0233ef56f1247f4da6bdadad8872b6d6e27f75ba116303b9a82e81e33
SHA512

23744b0e277631aa5e2efef1f9ad6591e13adbe0047ea7fa635ecbe550301f3771693f0ff837f461a32330bf692cead21fcef39b24890874ba008e5b3adf4975
SSDEEP

24576:U8kFazOV+NtfVngALFlitdnDyVgmAUo/T4Xg+Iu:YFGk+NtNTvi747ASVb

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://brendon-sharjen.biz/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  DansMinistries.exe
- Size
  
  300.0MB
- MD5
  
  27c429268a7d9f49b217dd5c2b5f3361
- SHA1
  
  d2882c3cba0f3a74a1a39ab1c03d08ef04275825
- SHA256
  
  6e0159a0233ef56f1247f4da6bdadad8872b6d6e27f75ba116303b9a82e81e33
- SHA512
  
  23744b0e277631aa5e2efef1f9ad6591e13adbe0047ea7fa635ecbe550301f3771693f0ff837f461a32330bf692cead21fcef39b24890874ba008e5b3adf4975
- SSDEEP
  
  24576:U8kFazOV+NtfVngALFlitdnDyVgmAUo/T4Xg+Iu:YFGk+NtNTvi747ASVb
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2