lumma | ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557

General

Target

ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557.exe
Size

1.1MB
Sample

250104-edwd5ssmdj
MD5

47bd83617560c80c7e805b546ea2a258
SHA1

09daba42fcaba0481d72e26a201d4eb442a842b9
SHA256

ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557
SHA512

1d916bb6927680a1b65c414a075caf2302a5375cad9a5d5be941a56c85a1f5996435a6dbdce8614964edd325b4530a926e506a043ebe5e8f942efd152a0f25b3
SSDEEP

24576:vBg/P8B5+B25I3e3LxT3huxT5TXyV7Jir8XLLAO+:vBS0425IO1xu15ToEobL2

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557.exe
- Size
  
  1.1MB
- MD5
  
  47bd83617560c80c7e805b546ea2a258
- SHA1
  
  09daba42fcaba0481d72e26a201d4eb442a842b9
- SHA256
  
  ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557
- SHA512
  
  1d916bb6927680a1b65c414a075caf2302a5375cad9a5d5be941a56c85a1f5996435a6dbdce8614964edd325b4530a926e506a043ebe5e8f942efd152a0f25b3
- SSDEEP
  
  24576:vBg/P8B5+B25I3e3LxT3huxT5TXyV7Jir8XLLAO+:vBS0425IO1xu15ToEobL2
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of NtCreateUserProcessOtherParentProcess

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2