lumma | 98c7ed12a9c8f8c8c4b321fe8b1f0111387961c365a2e053a2a13414cd53a2e0

General

Target

Setup.zip
Size

126.7MB
Sample

250104-cxrh7ayngn
MD5

307e7ca23242f65e49887e5455723410
SHA1

834501fda42e01480a23a2894491b7e49ae43c5f
SHA256

98c7ed12a9c8f8c8c4b321fe8b1f0111387961c365a2e053a2a13414cd53a2e0
SHA512

de97238b2a2b41e32241246a59befa9b3b92cb0e5146386cdab845809fe43be2bb6c42eba15db61eadec72c393a915b711998aa7e96333f3cec50ff56ddd9811
SSDEEP

3145728:PHBH4iP9KG0LJz4RESbbveTg4rG50sTMHO3lzgW:pHxVK3LJCDGg4rGnMIV

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

C2

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Setup.zip
- Size
  
  126.7MB
- MD5
  
  307e7ca23242f65e49887e5455723410
- SHA1
  
  834501fda42e01480a23a2894491b7e49ae43c5f
- SHA256
  
  98c7ed12a9c8f8c8c4b321fe8b1f0111387961c365a2e053a2a13414cd53a2e0
- SHA512
  
  de97238b2a2b41e32241246a59befa9b3b92cb0e5146386cdab845809fe43be2bb6c42eba15db61eadec72c393a915b711998aa7e96333f3cec50ff56ddd9811
- SSDEEP
  
  3145728:PHBH4iP9KG0LJz4RESbbveTg4rG50sTMHO3lzgW:pHxVK3LJCDGg4rGnMIV
Score

10^/10

lumma rhadamanthys discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Rhadamanthys

Rhadamanthys family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2