lumma | a84f7d97129f649ea4f1a6b0b7e85df110fc0eaa1853f15cf47d62a7cd28ae93

Sharing

Copy URL

Twitter E-mail

General

Target

UnbanTool-main.zip
Size

1.7MB
Sample

250103-bb8pxaspfw
MD5

71f40ef12a2c8fe0f1987ce7feb3354b
SHA1

ccb824fd19443433e624621b2a29dd329b2ce1e8
SHA256

a84f7d97129f649ea4f1a6b0b7e85df110fc0eaa1853f15cf47d62a7cd28ae93
SHA512

049779adc30c82b86440613d4e4663f8459104cd774f4f906169260d6185a47fea11ddb7397cecfd6d3681aca4f23a96d24ed21d838ee3dd0ea95811401e5d32
SSDEEP

49152:47Y5Ba9knsTL1qS+c3W/UxtngwYtaOleIThMD4i:46Im81Xvm/UxRExlevl

Score

10^/10

Malware Config

Extracted

Family

lumma

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Targets

- Target
  
  UnbanTool-main.zip
- Size
  
  1.7MB
- MD5
  
  71f40ef12a2c8fe0f1987ce7feb3354b
- SHA1
  
  ccb824fd19443433e624621b2a29dd329b2ce1e8
- SHA256
  
  a84f7d97129f649ea4f1a6b0b7e85df110fc0eaa1853f15cf47d62a7cd28ae93
- SHA512
  
  049779adc30c82b86440613d4e4663f8459104cd774f4f906169260d6185a47fea11ddb7397cecfd6d3681aca4f23a96d24ed21d838ee3dd0ea95811401e5d32
- SSDEEP
  
  49152:47Y5Ba9knsTL1qS+c3W/UxtngwYtaOleIThMD4i:46Im81Xvm/UxRExlevl
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  UnbanTool-main/D3DX9_43.dll
- Size
  
  2.3MB
- MD5
  
  7160fc226391c0b50c85571fa1a546e5
- SHA1
  
  2bf450850a522a09e8d1ce0f1e443d86d934f4ad
- SHA256
  
  84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
- SHA512
  
  dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b
- SSDEEP
  
  49152:dbCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nW:YIIBnW
Score

1^/10
behavioral2
- Target
  
  UnbanTool-main/README.md
- Size
  
  563B
- MD5
  
  7a35b5191a02dcd2dbbda806b4b1b8c3
- SHA1
  
  d2edeb04b7526a31a011ca7cbc6de408cbe8ef74
- SHA256
  
  3348ffe953e783baa3afdaf4210df3e59049b6a48a16bb864b157c17d8a5eb5b
- SHA512
  
  b90e2e4861d324902c7ce78652b7b60c6af6282e27c9fe9ac8d2b0a0167d8510cf975028644ed684b94961902a7ebbfec4a516d169bd72b905e084966c1fe1ef
Score

3^/10
behavioral3
- Target
  
  UnbanTool-main/UnbanTool.exe
- Size
  
  550KB
- MD5
  
  ee6be1648866b63fd7f860fa0114f368
- SHA1
  
  42cab62fff29eb98851b33986b637514fc904f4b
- SHA256
  
  e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511
- SHA512
  
  d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a
- SSDEEP
  
  12288:SQ5vTleU6iA6AiJ/uJxZjUXUxYcuORWETWOORGzbZr4QClJJRJAr6Ok:SQ5pexaALoXe4
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  UnbanTool-main/custom.obj
- Size
  
  1.0MB
- MD5
  
  0778abe420f1e0b8617d08c1645d0ad2
- SHA1
  
  c216235468b5efd8688a65484d200c60a87e376f
- SHA256
  
  7b7ecef41a9ba623dcdbc02cd07f148593d2f9435bf4204583cbdd0f779ca926
- SHA512
  
  36b9c9979a1f53db3ca1e81c21757509f1b774bd0158fa397567c067af1487ef19289e180155a87a671d0ff6dc708db4a2217f49b3b7de262d38b6835b9825f2
- SSDEEP
  
  12288:nICeVvuQdK+GdFYz7glFxcqq+8l/YRr8fZbPwJgLnYZ4QI4QJNW:IfVvLdg2uRrSZYZZI4QJQ
Score

3^/10
behavioral5
- Target
  
  UnbanTool-main/example_.4165A294.tlog/CL.command.1.tlog
- Size
  
  11KB
- MD5
  
  0f440441bcba0ebca3411c9102851a23
- SHA1
  
  2ec9d3a7b2aed3f03ee04cd713c7e20fc367293d
- SHA256
  
  914e0dd414cf2a75963f9c0700b2caebe90303c2b1b729759dd82dc4dc737c86
- SHA512
  
  5fea8fed46ac78cc6c8ecd72437f78431fc86f30b5980c027d1f470d5d6371c8941b85ba1609e6ad1976b9c1d8550f4ee737336885e6912a9e7b447403e8c765
- SSDEEP
  
  96:lDXceDXcHDXcBDXckDXcpyDXcVl2DXcVkDXcB:l9wSrqy+l2+kS
Score

3^/10
behavioral6
- Target
  
  UnbanTool-main/example_.4165A294.tlog/CL.read.1.tlog
- Size
  
  180KB
- MD5
  
  714267cffb54537da80454152b6bc972
- SHA1
  
  1df6d3beac4b559c6a2ec5f88aa3ec51affa43c1
- SHA256
  
  4175b5fda024db7c680d33452549b4c4742d19da2f4a964b720a1aeae6d5ba70
- SHA512
  
  aaf7ee47309d674497d2110cdaf0776abe3492764553817767d9835495d238573226e13db81792fc93356f8d612b7d1d9c5d1e681b6ef2d2a03a10ffd52a6653
- SSDEEP
  
  384:hjXU4ckSkAAOW54ckSkAAHjCLYU4ckSkAA4Hz54ckSkAA/54ckSkAAHj6:hjklAplAHj6lAOlARlAHj6
Score

3^/10
behavioral7
- Target
  
  UnbanTool-main/example_.4165A294.tlog/CL.write.1.tlog
- Size
  
  7KB
- MD5
  
  b5992bdb604b43d4f2c77a3b62495982
- SHA1
  
  bc8924b8f5b13fff335b3acee5b99dc248c12ec7
- SHA256
  
  3b9b6d5be0a4e34ea621f595c37acc8c0b563dc3e4ffc01b747024cf1bab04b6
- SHA512
  
  453d5edd5d8454d82fcdf87088f7f0c8c5cef53703d434964e04313798e6f33b21de57f1cbb90290ab528ab05899f760d096c448c463838450f428b7668a6838
- SSDEEP
  
  48:+VuQWVuQiVuhu+VuhuuVutVuJVuyVu02Vu+VuhuOEVuhucVuhucVuhupVuhudVuV:uGC1N
Score

3^/10
behavioral8
- Target
  
  UnbanTool-main/example_.4165A294.tlog/example_win32_directx9.lastbuildstate
- Size
  
  210B
- MD5
  
  e09c945765d69ffb0a8f365f64f1742d
- SHA1
  
  40630763b9167ace60368c878c2ba9204e0bc7a8
- SHA256
  
  907c13dd8b20cb9122ff7b5d346ae6687e115cebe4a9bac3c0ee9f811cf164d9
- SHA512
  
  142f02b676fc8a7ddc8d09e9f1c853ff7f5bd2f644cb0033c0324867a2c68d7201ae537b512e81db0bccb5a9e7287cceae4b471f7be03724e3a612b0d9884ba0
Score

3^/10
behavioral9
- Target
  
  UnbanTool-main/example_.4165A294.tlog/link.command.1.tlog
- Size
  
  6KB
- MD5
  
  ae974485bfcba2c508a14505e444a9b0
- SHA1
  
  e698188704c0c465fed9c0f76554c7955a552795
- SHA256
  
  a8f6ac2f1d325caac3b58991d849c07b80f76f0a5ed09d81003390e512de7d59
- SHA512
  
  7e6d8313fb870f1df048da2b9192c7b4536db318daffa58f4cab51beacaa7b70605dd28975ee47df855d659b8c846174b0cc74dd82801fa4c2b77e9e2a9e924c
- SSDEEP
  
  48:+VuhuU+VuhuQ+VuhuM+Vuhul+VuhuX+Vuhu7+Vuhu6D+Vuhufw+Vuhu1Vuhu7kM7:l5NEiWzxWlghZt7b3ZTk
Score

3^/10
behavioral10
- Target
  
  UnbanTool-main/example_.4165A294.tlog/link.read.1.tlog
- Size
  
  9KB
- MD5
  
  8a75a189345527fa52cf3f6a51cbb1b3
- SHA1
  
  f44e254ff5eac61354b9f6b2f514411befcbb2b7
- SHA256
  
  b03b732e77c901e978539f496c1bfdf9d0912ddc52eae7e993f9e2e5924af84c
- SHA512
  
  2c915420c2a9ee451b9be79b955a3abe5deaca12ea4a6f4b052ac5c45f71144e5e543031b9faf86713c4cad6807592121489bc2cc1f52a69bb4afb325eb1fd3c
- SSDEEP
  
  96:l5NEiWzxMOnt/6GOIYuG+giX7RrmMCTwtzB8PeEEnP7:l5NEiWzxMullJD
Score

3^/10
behavioral11
- Target
  
  UnbanTool-main/example_.4165A294.tlog/link.write.1.tlog
- Size
  
  3KB
- MD5
  
  46f02cff3bb089279d5506e11628010e
- SHA1
  
  f83551a93b7ca8f07695612d0f434f20bbb37cc5
- SHA256
  
  99f0f85d0cc0d828181a7a223829e76f37621821464177e8b6cadc28ccb3987f
- SHA512
  
  259b03ff514e2975bb212f52eb0aa6e41ed6647e4de17a409c762c22c73ada0cecb63f191c4abb2646a316dba0a41b30acce31b3c7f7459ac8299550baa16efb
Score

3^/10
behavioral12
- Target
  
  UnbanTool-main/example_.4165A294.tlog/link.write.2u.tlog
- Size
  
  828B
- MD5
  
  512eb926bd388f1325504376423188ed
- SHA1
  
  12b295afba8391076a14fbe1e28309d23b230062
- SHA256
  
  56de7b14576f1eb9fdd5b745b9601d707769d49804a32a4540a4bb0539f39d06
- SHA512
  
  c7a4b5c552e1ca33db7c430f26e25ac6d7ea304c6146c4a855d9c75fb6200ef201384c56a902b09384ee8dad1be619ef00324a2befcc594ca47f27226feb4f24
Score

3^/10
behavioral13
- Target
  
  UnbanTool-main/hwid_spoofer.vcxproj.filters
- Size
  
  1KB
- MD5
  
  8b4743389ecd12d7df03e18d8f394764
- SHA1
  
  edfbd6bcd60d25109292c8f1b7cde34080f7b938
- SHA256
  
  64e5237b36132da629db6ba64ebc95e9ca20f47014ee9aee1885464b1fe27188
- SHA512
  
  e2bccc65fba593f5c103285a796223605112a55034f3b20f452def50b353cc7e9839e04b997bc6343327697d3e171ef9252e07909495b394d6c5b9fd4a0b70a9
Score

3^/10
behavioral14
- Target
  
  UnbanTool-main/hwid_spoofer.vcxproj.user
- Size
  
  168B
- MD5
  
  244d056f5e959be6d9a2f7e94686f1c8
- SHA1
  
  3ba38385380485d9ff25eb142eca0a01d8ce2fab
- SHA256
  
  c06a75b13f855a94d46616796e024c52b499f8f92cf00ccb571ddbc6ff574676
- SHA512
  
  8d5c4c9e54c85c90224f7610fef69d9c7e8d0db6be369181ebed13e2be9c86b651a438f1978f99c3ef432a8cb6bc5b8df26c476e7e5b32511d0d31cd49b55f20
Score

3^/10
behavioral15

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15