lumma | 6e6e13804f1f979d7dae7dc2c34b79a521083a252ab6af22c510a01241c20f10

Sharing

Copy URL

Twitter E-mail

General

Target

6e6e13804f1f979d7dae7dc2c34b79a521083a252ab6af22c510a01241c20f10.zip
Size

7.7MB
Sample

250105-cswx4sxrf1
MD5

ea201b8356b91f7dd79beb887f24e82b
SHA1

5a4b3505a53eff24adece489d3133893150f5e02
SHA256

6e6e13804f1f979d7dae7dc2c34b79a521083a252ab6af22c510a01241c20f10
SHA512

72a54a0750ac4b32749f8b829906885d626a4d554655e37c207d3ca2d4bd306ddefa09fabe1cb1f8dbb77f15d30c01734de9cca8d811f33a61c2a0788e787fc8
SSDEEP

196608:+f3Wqjz86dCwcjeNW697ZtBHFib3VdLxr4Rnl2Fz5kW4k+VTK:EbMkajCnDH0bvB4WViNVm

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  About/About.pdf
- Size
  
  185KB
- MD5
  
  f8e98d604f7c63275ee8739708345baf
- SHA1
  
  218bb6ab3a6b4899c22ae798691c30acfe423a7c
- SHA256
  
  dafccfc02c2ad502683ddf61224d6d66eba1e6d5ba13a92b15381af51bb4715a
- SHA512
  
  05076043c463a3483cd6be000407ba6a5641413a4e0928b2ea1f6ab84bf2b1244c6737b221be7dc9db7a1ea8fc5ea2c34782307babe77916d33ae6cb19b6de05
- SSDEEP
  
  3072:GdbzlBgmxq3pSxw8FE92HVePu0kiFRiNifT9hQfmRcUQ88k4YLs3L2yFAVxVRjKm:GdbvTq3Mk21GuUFENYTsmRcOoY46yFAV
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  About/eulaLic.docx
- Size
  
  8KB
- MD5
  
  a729d63514511766fcdd2de19cdbd017
- SHA1
  
  737827e5c0ab0adc287d3b3bb16d26a9a42f0939
- SHA256
  
  6dda16414ec5a7f6908f6088ea5edb7c67b024c3f695fbf7048ab823bcfee728
- SHA512
  
  ad6bc65c950a94383f3f1d987508d22167343db632412b74d4734482916a7c18981dc8d84c57109f0882f6c5c6f280db876bafd24837f06996614d1bb9ce6ee2
- SSDEEP
  
  192:HLFjO9B8eBfDX/Ek8IFyMlgy/RVr1YGrtsk2whjPYwWkpeFWlMddhTdLVxFl/:HLFjO9B8eBfDXoIFyLw1YGZsk2whjPYL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  PEiD-0.95-20081103_ExeinfoPE/pluginsdk/MASM/compile.bat
- Size
  
  152B
- MD5
  
  c08fe1558e092e9d6a601e8f455454ca
- SHA1
  
  c200afafe6b91f2e9356cc72c3b093465c13dd7d
- SHA256
  
  31d198367b1cf69adaad5ae06ce436ae00782982db97aa2098c375fb565623fa
- SHA512
  
  92ae3c0b4b3041f9e7a055b05c3bf84587ae7b3999940d69aa4dcfa9fc6b7c552ad21bb4f7fcd138707f5c529d29167b2df24c5254f969056b19e26ce7b09b5a
Score

1^/10
behavioral5 behavioral6
- Target
  
  PEiD-0.95-20081103_ExeinfoPE/pluginsdk/PowerBASIC/PEiD_Plugin.bas
- Size
  
  2KB
- MD5
  
  aa7188ca1ce0f984c1372e105e4473c6
- SHA1
  
  81a81930f914b8fae0d8333b7e6a56444af7dacd
- SHA256
  
  488b9f368fc688f05abb80a1bd6251cb203ddcddf3ab7479e420d5baab7801d4
- SHA512
  
  0aaeb5ba404e911460c48536fa155d448ceda4847d00393da7091748ec419fba7431b9ed39824c60f6a902d0c299d92e6268f88e9e8bd0befdedda57d032e3a0
Score

1^/10
behavioral7 behavioral8
- Target
  
  Loader.exe
- Size
  
  1.0MB
- MD5
  
  603257c5a5e303ce011a0bcd312ae849
- SHA1
  
  851dbfd0ca16da0acbc8e101f5bcfff6d334160c
- SHA256
  
  f7b5f30472cae037c15e915fce1f1d4270d8f3843dd56e6f34cafbefc3101a53
- SHA512
  
  63fd022aa09a546504d2955e9964f6543f67c3b16167626b0c0141f029fc8c1877373367dccf8dbd2dcfb9d261078b6f55800e16ef402a78190d2b34a25a9799
- SSDEEP
  
  24576:Eh5Z7DBzPoGjyh373H6IiHWtkPMTP2LoNy1OJqCjwHuw:gZRzPoQGL/iHkrL3O
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10