lumma | 5eb5b908e559e2974fccbf6c59984a7e9341688cef7fa9463ef7ada3d357c779 | Triage

Sharing

General

Target

SOLARA_ROBLOX
Size

8KB
Sample

250104-vnneaayma1
MD5

3adc548fd20f4f7a7a504e96e64ce5c1
SHA1

fe17430f9849d7f95666bd2bcc8991371ec06bfc
SHA256

5eb5b908e559e2974fccbf6c59984a7e9341688cef7fa9463ef7ada3d357c779
SHA512

d08a83fdf93daf5245fd257d83e7eab30dab81f337f746c0b03a983698a10030aee0218acbe3de0852d89aab0ed79a4515e42b91e30a070754116a70aeb34f26
SSDEEP

192:PN2x2BxukTqfEWnclA0EzrKKRXV1P4N4gPiayCN:AxIuKqDKKRHPkggN

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  SOLARA_ROBLOX
- Size
  
  8KB
- MD5
  
  3adc548fd20f4f7a7a504e96e64ce5c1
- SHA1
  
  fe17430f9849d7f95666bd2bcc8991371ec06bfc
- SHA256
  
  5eb5b908e559e2974fccbf6c59984a7e9341688cef7fa9463ef7ada3d357c779
- SHA512
  
  d08a83fdf93daf5245fd257d83e7eab30dab81f337f746c0b03a983698a10030aee0218acbe3de0852d89aab0ed79a4515e42b91e30a070754116a70aeb34f26
- SSDEEP
  
  192:PN2x2BxukTqfEWnclA0EzrKKRXV1P4N4gPiayCN:AxIuKqDKKRHPkggN
Score

10^/10

lumma discovery phishing stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryphishingstealer