lumma | 35cbb78b96dc4513c66d0492a018f7eaaaf20771471e0c1bc842c9b3f60cda33

Sharing

Copy URL

Twitter E-mail

General

Target

Loader.zip
Size

551KB
Sample

250102-vzfhtaslhp
MD5

efd285f1a78fd12056852bf5b0f086c5
SHA1

303c0346c18aee1c1cbec890132d73727d180c62
SHA256

35cbb78b96dc4513c66d0492a018f7eaaaf20771471e0c1bc842c9b3f60cda33
SHA512

bec8dace6981e77118692e93ad9cce73c7de0cadf842c4ed2a4062bfeff4cc244edde05e7c1f4ac5658df34225add406ff2658800fd58bcd3bc2e45de1e14788
SSDEEP

12288:8r5y/qI4nEgWdaQ+cbOEW58FJ89ac/Qs+Ozd2xk:8r5ySI4EgxQ+gWCIwc/3BUk

Score

10^/10

Malware Config

Extracted

Family

lumma

https://crib-endanger.sbs/api

https://faintbl0w.sbs/api

https://300snails.sbs/api

https://bored-light.sbs/api

https://3xc1aimbl0w.sbs/api

https://pull-trucker.sbs/api

https://fleez-inc.sbs/api

https://thicktoys.sbs/api

https://revirepart.biz/api

Targets

- Target
  
  Loader/Loader.exe
- Size
  
  537KB
- MD5
  
  8aa8954d770c9c9536979dff8be7532b
- SHA1
  
  e1ec65360923f9597c8667cbfd1304f33919d7f0
- SHA256
  
  f373cda95b70f31c44bf44b34f856072206fe3ea8444475939ea6d680e3d3221
- SHA512
  
  6094033ed8229e00406da9278353b1aa70ed5b1f4d87edae6904c991a97c1302f3d641b2da6f637bcc576717899bf78c85a4f139074bc3f482d0e7aa4bd421b1
- SSDEEP
  
  12288:Suq4/EQWzaQ+07OEc5yFJC9Qc/Qs+adda/Rbo2A3n2BRgiJBCyJXWT:E48QNQ+Wc0GSc/JL
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Loader/dmxmlhelputils.dll
- Size
  
  259B
- MD5
  
  9abd95d760a752257bcb7f5ee3c14008
- SHA1
  
  29c4a0b474ef189b2f6a267d560b103ab5f4b323
- SHA256
  
  d9050e97477cfe7be44992a505c2cdad8f0f43a3c0bf0e1e1a3d1f175d92ac51
- SHA512
  
  f39a345e695d42d81a35b71923da8dd1907a0c48da24f580a102600fb72bcf259ee817414e736d67b0f1196dae0610a00926b1aa94640171e6f5cf09b6830da7
Score

1^/10
behavioral3 behavioral4
- Target
  
  Loader/likodi/NotificationController.dll.mui
- Size
  
  4KB
- MD5
  
  5a940db75a80c7571cc221cf3870ef78
- SHA1
  
  203ac94c768a8916ce70f6db7ada481185c06eaf
- SHA256
  
  d3e15411a49c52b69d00ea4c32a3eba6eadb26da7b7f294e90c75aa7d33f210f
- SHA512
  
  ec639abf80a633f3fa1a848d2236ca8cf28d45a5a0af85df6c3273f05fcb6db2fe6afbc057761c07234ca3f9b619866697dd357d155ab5df8e1687267ecc7099
Score

1^/10
behavioral5
- Target
  
  Loader/samlib.dll
- Size
  
  9KB
- MD5
  
  f3078d7cbe7d330f06c51dc177f58e6f
- SHA1
  
  bb191e939d938b6fd9145473b4fb16cd48e33595
- SHA256
  
  83b293af5ae8fa2f226dc86c4b9aeb5f6af41880eb72c55c895c2ab445b0bbd9
- SHA512
  
  1749bbc37baa46aa95a883029ac52a366fbbe26963ac38e34dc5f6eca150a6a6158f8657543d4ecef59dae3570180bf472c981b1473c98be9c570b42aab0e897
- SSDEEP
  
  192:xxoFkSrGiZ3P621D3xjzAS9CNnGhk8YGCPQp+7FTQgl7OQHQF2T:xxofVZ3T9jkS9ClwkvGsDppl3wET
Score

1^/10
behavioral6 behavioral7
- Target
  
  Loader/wdi.dll
- Size
  
  86KB
- MD5
  
  7d326b235ab064ff70376f1d015cc084
- SHA1
  
  3b394e93ef206d30fafbf3202a5a63a4b6667580
- SHA256
  
  404dda0bdf9a6c1c61653cf7e965f504b3a3a3b662f88c906aaa19a9c3df160c
- SHA512
  
  f33face04507edd462b40dfd0771da3f241374c99fc956def9678a05c15bf5f8c945579006ab250646120a7f983fe4a57b55c93bdf921142f6464bc74fee2347
- SSDEEP
  
  1536:2xg+XurUE+dlamMsyhirFoNZ5MtDPQEInpF6qbTyuVKiRoTnd5Zatd2nZXBjVym4:2x5XXdMTsyhirFoNZ5MtDIBpFtvLASoy
Score

3^/10

discovery
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8