lumma | 01e47666d5b3c98c9fdfb3994128a7a23b109f27a526b5cc554e35201a8bfc89 | Triage

Resubmissions

03-01-2025 22:24

250103-2bfbgawqaz 10

03-01-2025 22:23

250103-2askeawpgs 1

03-01-2025 22:00

250103-1wyg4syjhj 1

Sharing

General

Target

Setup.rar
Size

107.9MB
Sample

250103-2bfbgawqaz
MD5

a2de105be06859e11c9fe5c1aaddcfa4
SHA1

61d8cea24341fb94b6de5d3d27588af400309226
SHA256

01e47666d5b3c98c9fdfb3994128a7a23b109f27a526b5cc554e35201a8bfc89
SHA512

4c6d641e1bb413b5b7f42c76ab0a6c622aefa5b3bd7eb2ca8819b19badda9fa13b80b1ec3b302371f145ec7e808336a45163325a1573450e8b4779e60eb0e39a
SSDEEP

3145728:puwjTEHG8aPVkp1hSDkz/RfXEVA5o7kN3Toingp01COy:puwjIHG8a9kpUktXHOwDgpMfy

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Extracted

Family

lumma

C2

https://begguinnerz.biz/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Setup.rar
- Size
  
  107.9MB
- MD5
  
  a2de105be06859e11c9fe5c1aaddcfa4
- SHA1
  
  61d8cea24341fb94b6de5d3d27588af400309226
- SHA256
  
  01e47666d5b3c98c9fdfb3994128a7a23b109f27a526b5cc554e35201a8bfc89
- SHA512
  
  4c6d641e1bb413b5b7f42c76ab0a6c622aefa5b3bd7eb2ca8819b19badda9fa13b80b1ec3b302371f145ec7e808336a45163325a1573450e8b4779e60eb0e39a
- SSDEEP
  
  3145728:puwjTEHG8aPVkp1hSDkz/RfXEVA5o7kN3Toingp01COy:puwjIHG8a9kpUktXHOwDgpMfy
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer