lumma | 4990545df84ebd46c77f2b4093654af750dd760894ca9044cda754d0a0bc2ec1 | Triage

Sharing

General

Target

stripped.exe
Size

24.1MB
Sample

250103-wnxhmayqcp
MD5

f26d14475af4cb8a7935eb6a690a7625
SHA1

5ca07ca27bf0b8d2caf64815eddddb42acd38e1b
SHA256

4990545df84ebd46c77f2b4093654af750dd760894ca9044cda754d0a0bc2ec1
SHA512

7e2621db99378a0d5b4b49fab2d3869002852a4380ddf46d5292230982b86214fb29dfac2669b48fb0b04c9dd93075b7af527791924e2c6907bfcd6d46aedbf6
SSDEEP

393216:gWRpCK8tTZqMmY2+YvgEcEkiShZw4N9E:gWRUK6mZCq

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  stripped.exe
- Size
  
  24.1MB
- MD5
  
  f26d14475af4cb8a7935eb6a690a7625
- SHA1
  
  5ca07ca27bf0b8d2caf64815eddddb42acd38e1b
- SHA256
  
  4990545df84ebd46c77f2b4093654af750dd760894ca9044cda754d0a0bc2ec1
- SHA512
  
  7e2621db99378a0d5b4b49fab2d3869002852a4380ddf46d5292230982b86214fb29dfac2669b48fb0b04c9dd93075b7af527791924e2c6907bfcd6d46aedbf6
- SSDEEP
  
  393216:gWRpCK8tTZqMmY2+YvgEcEkiShZw4N9E:gWRUK6mZCq
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer