lumma | 4c42b2db4b6d33bec5bdd6a0c5936d60f60bf218a4c4b1109ff464369069a4db

Sharing

Copy URL

Twitter E-mail

General

Target

4c42b2db4b6d33bec5bdd6a0c5936d60f60bf218a4c4b1109ff464369069a4db.zip
Size

2.1MB
Sample

250105-cnsd5aznen
MD5

a87d1c8ded0f5267b49dea35b2e66cf2
SHA1

ad7e0697804b3360c6fff31c244283a07f41b4c6
SHA256

4c42b2db4b6d33bec5bdd6a0c5936d60f60bf218a4c4b1109ff464369069a4db
SHA512

67caa05bc60079a49f4bced90746aa73bb956e05c40ce43e0c972bd5da1ebca15a342978db041b58816390f81af93ea0c9247ad8f62962acf22505dfcb8ecfa3
SSDEEP

49152:Wwa4ueCENWbCrvDC8ZJhgse2Sp9PF+bqP29e+ryhM7axa8:Wv4ubervDbgseDHPF+bqweXhMM

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  DirectX2D.dll
- Size
  
  1.3MB
- MD5
  
  00b3e7dfc26fd3547082eb20f4eec53b
- SHA1
  
  27e5ff2320559dea39b99cec73489077db4830c2
- SHA256
  
  494d98a99ab8fce6d615bb48d4d014640da2e208002ba647e226f09b8678afa3
- SHA512
  
  181692d4d728076d6de86a78f9af725690ba9cfb3ce1c884c535b06e6b55eb8ade367ee1583bdebfaba6de27f768293e2225d0bdc1e168ea390fa629aea6fc51
- SSDEEP
  
  24576:j8SK96R8lJyi7BEEWYPkyZjNJYRKbLenypiqIW0NJo:j8SQ+8uWEFYPdN6ypGHNu
Score

1^/10
behavioral1 behavioral2
- Target
  
  Loader.exe
- Size
  
  381KB
- MD5
  
  c82607e20a40c8fd71c7416d50a7657a
- SHA1
  
  ceade457a71505263b2217f0a86fc301e41d1e4c
- SHA256
  
  db53323f9a637ad6db1d7bc3050fe55712eaf06e527d431bf111aeef09b3a5f4
- SHA512
  
  cda2821ba15c83cd115fca56d0f667d2cee314ccedbe53c4717bcdad228f9a3e1011b5eb9813de9e35c51d406329ef4bd8afc50104fd1a2d3a629afeca623d4e
- SSDEEP
  
  6144:72pwktDrDuMtoAAAySseHfMM/rE3jaIgHT2nC0osguHJL4jG9vKNfuCIO4+hQ3Pz:L4C/AFseHEj+IgHTTOg8LDyNijZkZET/
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Other/RestSharp.dll
- Size
  
  186KB
- MD5
  
  74f7189e0d8462b4766ceda305b5e6a8
- SHA1
  
  27bc0b6410917ddd63b3a61230e61ee56b85886f
- SHA256
  
  44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640
- SHA512
  
  22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6
- SSDEEP
  
  3072:P2SM9KBg52ArSQIi+N2/4CBUBu4UH/vammBktTqTLJ1qI:u551KBa75fv2
Score

1^/10
behavioral5 behavioral6
- Target
  
  Other/Sentlog.dll
- Size
  
  125KB
- MD5
  
  181f3e3d0c509566283156816eb317ca
- SHA1
  
  400debdd4fb9ae24719157132a87c4bfeff7fa6c
- SHA256
  
  db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
- SHA512
  
  039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
- SSDEEP
  
  3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score

1^/10
behavioral7 behavioral8
- Target
  
  Other/achevelog.dll
- Size
  
  247KB
- MD5
  
  319226c18dbc02d2ac4c0dd9dc116d53
- SHA1
  
  4ef827ec4c51cf2845e3a50fc23700177a4930f8
- SHA256
  
  eb9b84a3df6ae51759544ba04224a4f91454b8a81d54b37c846a4216bc72c15e
- SHA512
  
  dcb2b6e9e1f820472e96cd3e649cc696948d02545c141c483234aab98706c0d19051fcafafc14a928b6b2937125c61db3c49cdc45181e809d73df73f7db3cfbc
- SSDEEP
  
  6144:L5V1a8gCaIAaLPaiUoQhdTC015tRuAKObQ:rsmaIrPaikhvftA9OE
Score

1^/10
behavioral10 behavioral9
- Target
  
  Other/d2patch.dll
- Size
  
  80KB
- MD5
  
  9ed0cc60faa1ca995f75dc8b4bf407c4
- SHA1
  
  87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
- SHA256
  
  acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
- SHA512
  
  9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
- SSDEEP
  
  1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9
Score

1^/10
behavioral11 behavioral12
- Target
  
  Other/jascriptfortpatch.pdb
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral13 behavioral14
- Target
  
  Other/patch.dll
- Size
  
  938KB
- MD5
  
  3169b48a9a2086e53c4493c03579902c
- SHA1
  
  5f3b2405818c29689875810164e7cd4da3f024c9
- SHA256
  
  e63ede4ebd7e64493ead8e91f475238ff7dec17eb403798e4ba27d592a9757a8
- SHA512
  
  a592ba68e008108f66c683f5d2edb29cf4ba15661151d54150089cd8ccf4d5ef265c62278a62a70a488db38a03ea4feacc9fa59173ee8220d864142ccf7dded0
- SSDEEP
  
  24576:GuiMZV9ciqJmRuzSEdaSL3+LcQVUgl3L94trn4TM9fLnIMftk:UmySaWSglJ4tUTi5t
Score

1^/10
behavioral15 behavioral16
- Target
  
  Sentlog.dll
- Size
  
  125KB
- MD5
  
  181f3e3d0c509566283156816eb317ca
- SHA1
  
  400debdd4fb9ae24719157132a87c4bfeff7fa6c
- SHA256
  
  db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
- SHA512
  
  039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
- SSDEEP
  
  3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18