lumma | ac574eaf659c27c5b06ebe1cc4c125665c7219e1255f8e0ba7bbc61d5046b25c

General

Target

Nexus-Roblox.zip
Size

6.7MB
Sample

250104-1empaaykfy
MD5

3379d69cc0f4f659e9ddbe7489c340af
SHA1

1c5a761a156422fd2b54bc047a794f1cd9ed4995
SHA256

ac574eaf659c27c5b06ebe1cc4c125665c7219e1255f8e0ba7bbc61d5046b25c
SHA512

f11069f55ce297f25a19e3a18051b0f1788f8730dbc748ca2e1a545e75c61b8548f2fa41923ac41d51a3ea7e4d66beab222f37e7c670c610ca07a9cc43368c83
SSDEEP

196608:I3bPWRIsMj+csK9gh6BkfMTMV6dNC2v+sgSaD7zp3D3XIr:y5mcrClUMgd0WZ4Ir

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

- Target
  
  Nexus-Roblox/DLLs/Packaged/Resource.dll
- Size
  
  189B
- MD5
  
  4427aeee68321d0f4d7befa74e669f83
- SHA1
  
  4670003762a1c217c9e8ea48fcc53f2871a7c341
- SHA256
  
  a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
- SHA512
  
  9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score

1^/10
behavioral1
- Target
  
  Nexus-Roblox/Nexus-Roblox.exe
- Size
  
  801KB
- MD5
  
  217c1089e6eb10d17ce3e2fc3b099a86
- SHA1
  
  2bd83604d67c3f4d66d4f3e6804b25a62df97da5
- SHA256
  
  45b6bcdbd8d962b221579ba1a17bb7239646c6a753c3d69ce6efa160dd60a824
- SHA512
  
  92f836dfd7b8962632da108d76a04aa4596eaa64ffb3ff8a12da42b018cf3319fc47e5244152356a0106bde1284484cf4cc3cbc20714f71728100dc1b15ffcca
- SSDEEP
  
  12288:93K1Pp+lMeB8zFsgMH+GsGde1vy0xt4K7waB7DFsgMH+GsGde1vy0xt4K7waB7N:pK1PSMZ3MH4KoqqV7nMH4KoqqV7N
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  Nexus-Roblox/Serilog.dll
- Size
  
  125KB
- MD5
  
  181f3e3d0c509566283156816eb317ca
- SHA1
  
  400debdd4fb9ae24719157132a87c4bfeff7fa6c
- SHA256
  
  db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
- SHA512
  
  039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
- SSDEEP
  
  3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score

1^/10
behavioral3
- Target
  
  Nexus-Roblox/iconengines/qsvgicon.dll
- Size
  
  34KB
- MD5
  
  a85ea17fb2ca9258e71d0a60667eae6a
- SHA1
  
  9bc4333321611769a51bcb5292c0517c227614c6
- SHA256
  
  5456152400a84c153728007bd1c7d549788d2300441addd40c18d7e17f757856
- SHA512
  
  ead8a715f75c82fe85a2d475010d8c880b13700c847840810bd6f75f6a4a418ded406133404a1c3d196461d676f8819a7bff25e556d25250d031e513303f81eb
- SSDEEP
  
  768:crdZm5mjw1lQR8Z3Zf3V+hFem0wKk84XmydDGFUf2hE:6u1lQQ3Zf3V+Lem0wKk849kUfP
Score

3^/10

discovery
behavioral4
- Target
  
  Nexus-Roblox/printsupport/windowsprintersupport.dll
- Size
  
  43KB
- MD5
  
  33861624e98d79ef87e1f936785e6f55
- SHA1
  
  774ab45bf39289f9723363ae8819a771c67b69df
- SHA256
  
  dc4f1c80081059aa1ec426a2d66afd5163b04f7a3ac0ae275bf650d66894b492
- SHA512
  
  9c56ae87d2702804f4dcc8c5cac83860f8a2f5e8c59059ab29d176e08d56b801c7e9775fc02a7c27ee14ccfc31ff64f3f50e8d2b74823ec7b48077274e56bc87
- SSDEEP
  
  768:xXhkTJrc5LMOqZidKxpsi5IW3y7GRepuACpdDGpzUf2hmAj:xXhkTecOKxpn5B3y7GRepuACpUzUf2j
Score

3^/10

discovery
behavioral5
- Target
  
  Nexus-Roblox/zlib1.dll
- Size
  
  117KB
- MD5
  
  66a3477a51e8b7d4586edf4659cde8d5
- SHA1
  
  3306c6aca3937d8bca11dd076effb03746367b9f
- SHA256
  
  cb7ab3788d10940df874acd97b1821bbb5ee4a91f3eec11982bb5bf7a3c96443
- SHA512
  
  948ba42499bba17b552723c3189289e9f07879c9303ec6f27b4d631b7d701c16fe66fc8c6a681236cef778b0cb0a14420493e048aa90bba682606ce2990c64ab
- SSDEEP
  
  3072:djf8ECbYiB317HVhVpaKdAAcsrK2M2nuh2UI6vTH2F3I:xLCbYiBp1LghAxG9BI6LH2F3I
Score

1^/10
behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6