lumma | 80b916d093ebd4f34b22552a839eb6ccc158c02f1903b5e63cb5e3cc86b15698

General

Target

RobloxExecutor.rar
Size

1005KB
Sample

250102-twzxls1kfq
MD5

46e0f063de23fc8c129106cb1258d09f
SHA1

5004d7e1c36219b5583d33396389a82c4639bbdf
SHA256

80b916d093ebd4f34b22552a839eb6ccc158c02f1903b5e63cb5e3cc86b15698
SHA512

1f24186ab4e590be112b999505215ee805b4f07df3576cc94623e76ba62b1e24573dca36cdc747f4c93d1c9a75f0d928b74912fe348afc7a04ef4fa6c5ab3001
SSDEEP

12288:QzOFh64h29ZgtIbtg8KoTiFQmQWyjz/F+JH2O2/zvwNQPsQiU4PMIbxs0Sy+1xeW:gOu4c9HbtuoTiz1G/hP8PPH51TDv0f

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://ingreem-eilish.biz/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  SolaraExecutor.exe
- Size
  
  690KB
- MD5
  
  f2fa9c21d9543d8ccbdf62d5a93e2389
- SHA1
  
  844101977d9d3e1fb2b8e3bf61f99a77a1cf0a3c
- SHA256
  
  024f81f9366285841b3ebd223c0d734978d71532ffb42d32d1ced685f9e33d4f
- SHA512
  
  39370f67a108d7e51cd7bb97e34c13e76c2560dbdd726f93bacf6332c0f1e7473c17b7129ff6ce3259f242f850e8a1d29cb9847dacc0c26e058827c7ce17b30b
- SSDEEP
  
  12288:tsFQwb0b2PL59QiwwEI9PO7LQahtplxiKxKrPrzA/tvS2oQ/ZiXCzz33ZrgB+TNr:KFQHyPbECPJcDlxiKxKns/1vL/Zi
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  vstdlib_s.dll
- Size
  
  529KB
- MD5
  
  f717c0e367cfce60f5c5bc26315521a3
- SHA1
  
  c7ca997c539054f3ec718dfef7a08ccf1f92d206
- SHA256
  
  302ca2cf7849ef90a0dc0422f0dca8460ee6112a5e60715e9ae2815dc9aff309
- SHA512
  
  cf039b8d8a5515074185ec832fa96d15fde67ee9f3190eee0816979031b871d408b1aefbca9f049f73be20b4d3c4b8cf6eed7826c46455669d066a63577931bc
- SSDEEP
  
  6144:qOwIBnMtx5Md4NZe1a6a3RPkyM65IRXBB69sbmQdLR310/YcXVl7:g9e4NZeTa3RPO65XIf0/9Vl7
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  vstdlib_s64.dll
- Size
  
  691KB
- MD5
  
  67e1f65fc986a8eedae5fda5d21865ee
- SHA1
  
  d51759dfa92c39b68a1b89858e4ac37c99b7ee3d
- SHA256
  
  10d8d74a6e954655300b0ebdee923e9ef56f4b9d0c244642f1c5d286d06c48c0
- SHA512
  
  54509f85c33c88a0edc203748c15b9bab1ea45a9c0bc1b30552782bd50a4cc8a412d1ffbbbcb010814457a4a8597057eaa8875d4eef9a6ab7af1796a092c27c2
- SSDEEP
  
  6144:cVoymLrr+FAsEbf6ZwFoPs53y34c/RWmQKzR3P9zHlkTKC:om026wFoPs5q3ZzztC
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6