General
-
Target
BoostrappersRelese.zip
-
Size
55.0MB
-
Sample
250105-eztgnstnal
-
MD5
3e713be634afb171ad2a3f4187f8e216
-
SHA1
d1acdb2e0e42b0d9078f2f2a5077a4f696662110
-
SHA256
7602178db37902eb1b5587e8f4178dc94bb3eb5c018bf04e264d129fb27cbd6f
-
SHA512
4085b392988cace282d247709240977c80488075ec2f6a1937b56fa51bbf97be8fdea89284b2ab24c32caf2ad6c800d149d5b75ba70a1cef74ca8f608a51685b
-
SSDEEP
1572864:QYYUBufZPvsxgxDhjUGx0514b6ucUm3nPdq1Y:QYJufO+xljUp5RUOE1Y
Static task
static1
Malware Config
Extracted
lumma
Targets
-
-
Target
BoostrappersRelese.zip
-
Lumma family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Enumerates processes with tasklist
-