lumma | dd95ea562335de025678407ad4dfeb923c76ba0e4eb18eb4f539876435395f5d | Triage

Sharing

General

Target

e573fa48eee29f58f98e198bad2b1459.bin
Size

18.8MB
Sample

250103-b6cwqaxmar
MD5

c103d6ff307e6cdd596f7b099b14ea8c
SHA1

4f356a2a899ef35bef3a06a8fdaf6d43fe706f69
SHA256

dd95ea562335de025678407ad4dfeb923c76ba0e4eb18eb4f539876435395f5d
SHA512

ae954eb3216ca9aa20e48476d9073a4b44b5d5cfbd78fb9020b0af7ca15162a8fd8f10d714b093fd0f043cd5bfee8dbc7ae653a310b078545529809466deac20
SSDEEP

393216:EhRBDYTxrQLSr7EZCxnlL0M8J3frwBLDISRHRbFsLlHL:EhRqTxroxHfw0iFSL

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  adobe_illustrator_2025_v29.1_(x64)_pre-cracked.exe
- Size
  
  913.1MB
- MD5
  
  eb4c3ac3d9e180110caff98bafa7c98e
- SHA1
  
  b50b6850f9e7b0312ae89cb1c4ba49d3221604e4
- SHA256
  
  5097335b52a0946622914659e078a9a94b8026e71098e2351ec94fbad96d5caa
- SHA512
  
  fac63555a92e27b1727b301696138b8182142307d0d0496ce44a70ae68b8042e3cf15ad20835f398ff2dd231d99db1b5b70843a8a6cb752cdb6861aff9674359
- SSDEEP
  
  196608:vWjHxUa0MqC6FxRsd3334aDl4SDPpaQHVIyAONxKmfU0mZ+q7GtNzmJnqCm3GLxl:v+RUZfjGDuiIofdURuSnz7BdAkIa
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer