lumma | b3cf39e53e1045f100a129def75b7f944fee6443f8dc4ed3f3183f78ac7af8f1 | Triage

Sharing

General

Target

interfi_acid.zip
Size

8.4MB
Sample

250105-3ah7eaynav
MD5

a1927e0a66add92bd80b2956d133147c
SHA1

6354da51d6f9550fa48cb863e3ba756f31adcef1
SHA256

b3cf39e53e1045f100a129def75b7f944fee6443f8dc4ed3f3183f78ac7af8f1
SHA512

d3121522e7e7042f69aefa43602570689b7bf236c167c4d28e3b63d55baba26ba8025a67f926b72a94af88b55b3aad5abf391dceed50e4955ef996df05223cd3
SSDEEP

196608:9hfbf2TiHtxoxwvRMDnW8hYUSm6kkBO86SNKimHtrM6s:9RbuTCKAIPZ0k9TSNKBHtls

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  interfi_acid.zip
- Size
  
  8.4MB
- MD5
  
  a1927e0a66add92bd80b2956d133147c
- SHA1
  
  6354da51d6f9550fa48cb863e3ba756f31adcef1
- SHA256
  
  b3cf39e53e1045f100a129def75b7f944fee6443f8dc4ed3f3183f78ac7af8f1
- SHA512
  
  d3121522e7e7042f69aefa43602570689b7bf236c167c4d28e3b63d55baba26ba8025a67f926b72a94af88b55b3aad5abf391dceed50e4955ef996df05223cd3
- SSDEEP
  
  196608:9hfbf2TiHtxoxwvRMDnW8hYUSm6kkBO86SNKimHtrM6s:9RbuTCKAIPZ0k9TSNKBHtls
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  gath_acid.zip
- Size
  
  8.4MB
- MD5
  
  1f9fea634570cb232d727369e927cb13
- SHA1
  
  89d6e29e2f1b8011c01f421b42991fb74cabe984
- SHA256
  
  88355269a50d367d005d5508c71c8905ad5ed74e1706d5d579b824c5589efef6
- SHA512
  
  363605c13d2db9435c76a489347b170d22e831bb80fa909bac50c9de6c60c502af3436fe593b2e1cb9563fcfec0a6aae1b4e8f24d019664f3338a2a07752f025
- SSDEEP
  
  196608:jhfbf2TiHtxoxwvRMDnW8hYUSm6kkBO86SNKimHtrM6y:jRbuTCKAIPZ0k9TSNKBHtly
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer