lumma | d4581c971ca9da0b40b609ed356a986b33e4e81289edacd31dc7ab8348a14d20 | Triage

Submit
Reports

Overview

overview

Static

static

3

BakkesModSetup.exe

windows11-21h2-x64

Sharing

General

Target

BakkesModSetup.exe
Size

8.3MB
Sample

250103-bnqpvswpdr
MD5

b2554efc048201c086d7be46f42d00bd
SHA1

f6a8986f77c54cce7544d4779a77d878a39ad402
SHA256

d4581c971ca9da0b40b609ed356a986b33e4e81289edacd31dc7ab8348a14d20
SHA512

6e8ed36e85ee9fbbde577ec0b2a5da6ff71872b6580e2caeffdd34820a502b4a8d8e417087a46fe21ac76bb4a9313f4e4068b06696f8ea4285485ef3f41a01da
SSDEEP

196608:AxlS+oStveNjFvtv4jQ0Y4ZLNHDj53lPu6pdWFG:A6+v5cjFvtw00dZLJBNu6Pp

Score

10^/10

lumma discovery execution persistence phishing spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BakkesModSetup.exe

Resource

win11-20241007-en

lumma discovery execution persistence phishing spyware stealer

windows11-21h2-x64

30 signatures

600 seconds

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Targets

- Target
  
  BakkesModSetup.exe
- Size
  
  8.3MB
- MD5
  
  b2554efc048201c086d7be46f42d00bd
- SHA1
  
  f6a8986f77c54cce7544d4779a77d878a39ad402
- SHA256
  
  d4581c971ca9da0b40b609ed356a986b33e4e81289edacd31dc7ab8348a14d20
- SHA512
  
  6e8ed36e85ee9fbbde577ec0b2a5da6ff71872b6580e2caeffdd34820a502b4a8d8e417087a46fe21ac76bb4a9313f4e4068b06696f8ea4285485ef3f41a01da
- SSDEEP
  
  196608:AxlS+oStveNjFvtv4jQ0Y4ZLNHDj53lPu6pdWFG:A6+v5cjFvtw00dZLJBNu6Pp
Score

10^/10

lumma discovery execution persistence phishing spyware stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryexecutionpersistencephishingspywarestealer

© 2018-2025

Terms | Privacy