lumma | c5d9566e11938490f3e49f34b61ae47225b10833d9aeba17c92c7119c6a16a7b

Sharing

Copy URL

Twitter E-mail

General

Target

Collapse - update3.5.1 (1).rar
Size

1.1MB
Sample

250105-jjp7jazjhq
MD5

929c2c8c3f5e55f2a1ddfb0f94d2aacb
SHA1

2b2bb3c45ab3a62c9f24c9f381456ecc7a180875
SHA256

c5d9566e11938490f3e49f34b61ae47225b10833d9aeba17c92c7119c6a16a7b
SHA512

da8ea37abb8d435f565987af419cc83875c5c9fa89fe0df7c263a4eed72726c3b495b5648f4327a4d103f5fc9e2b496641d5046e289a3385c009909d8e106436
SSDEEP

24576:biF/XzqHvygSUaTYRAdzJbbSyWDhBBAWaVEUggSWVLMtw:w/uHv9SJiAdz9Z8BBRXgSWVmw

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Collapse - update3.5.1 (1).rar
- Size
  
  1.1MB
- MD5
  
  929c2c8c3f5e55f2a1ddfb0f94d2aacb
- SHA1
  
  2b2bb3c45ab3a62c9f24c9f381456ecc7a180875
- SHA256
  
  c5d9566e11938490f3e49f34b61ae47225b10833d9aeba17c92c7119c6a16a7b
- SHA512
  
  da8ea37abb8d435f565987af419cc83875c5c9fa89fe0df7c263a4eed72726c3b495b5648f4327a4d103f5fc9e2b496641d5046e289a3385c009909d8e106436
- SSDEEP
  
  24576:biF/XzqHvygSUaTYRAdzJbbSyWDhBBAWaVEUggSWVLMtw:w/uHv9SJiAdz9Z8BBRXgSWVmw
Score

1^/10
behavioral1 behavioral2
- Target
  
  Collapse - update3.5.1/Collapse.exe
- Size
  
  806KB
- MD5
  
  b79c52157d2d0bbb6690dc559cef571b
- SHA1
  
  09757fd7665eec76a7a06eaba2f7e9d88797d33e
- SHA256
  
  431098c18402be57d143db21f83d277e9ab1d4b8217b9db485e85586a0721972
- SHA512
  
  5c6c83cad6da6f01d6b5703b25eeb6f279d9303f42b0999568ee95bfef47cd85ca4486062e2249ef0bd8b57d653eedddc02e144502b52d706ad4ee9777940563
- SSDEEP
  
  12288:6u4dP5M4Q2Mm3Z3/B+KI5sl+AAdU0tXQjZ3/B+KI5sl+AAdU0tXQJ:T4dPpQPmpPB+A+AKUUgFPB+A+AKUUgJ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Collapse - update3.5.1/bin/WindowsManager.dll
- Size
  
  977KB
- MD5
  
  4f0d530ed395a92d285672e411cd5786
- SHA1
  
  09988f7e34aa3b87ce6ad54c24d08cd0b7d67b96
- SHA256
  
  6a0ab06d6f391ced7142926508e88e323548c895d310e335a127dc991b46e239
- SHA512
  
  a0b9185a864c91e4ea4193fa0375b02cda12c504c22cf7f24f518116bf6a88939e2509b03af57f103df0a1a8301f5c653bcd1391f32d8f1813bdc02352d0dbae
- SSDEEP
  
  24576:KZ3IXlkmd5MGNL/geFyNcTN+jv75TQn652VBuNybG:KZIXlniGJtF4ch+jvNm0NybG
Score

1^/10
behavioral5 behavioral6
- Target
  
  Collapse - update3.5.1/bin/licenses/LICENSE-getline.txt
- Size
  
  1KB
- MD5
  
  3a7edebc3612bcea2306f73b92342a44
- SHA1
  
  9b177bac083f79d4334373a8144899b60155ecc6
- SHA256
  
  ec5f8e03fccb3842cc62ad79ea5f6f6058988e2721a3e6566e8fb72786d485c4
- SHA512
  
  17e987e112d02b1afd430db553ba0826c4b2ae7cfeba9adc3b9d8cebc93bbb6f02024a6ef95adf623eab5331af718fd10bafbf20b2dc5e906c0d2381ca11ba8d
Score

1^/10
behavioral7 behavioral8
- Target
  
  Collapse - update3.5.1/bin/licenses/LICENSE-goodbyedpi.txt
- Size
  
  11KB
- MD5
  
  c4082b6c254c9fb71136710391d9728b
- SHA1
  
  ff426822972c8972e3e4e782baac6f5304fd458c
- SHA256
  
  e03ba41d7fab20700769fe4118bab50d800cb74f990353a05d2f5fff1c228363
- SHA512
  
  4c71355f37002b14cf072328fe42569405cac2dc13b8c6ae871a1a5e958411417b7d4238a49c60c9bf5d956c5488b8ec9f4af99a6a6f8e5d8508443e4ceed2fa
- SSDEEP
  
  192:ff9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8mjHfH2:9Ou9b01DY/rGBt+dc+aclkT8SH+
Score

1^/10
behavioral10 behavioral9
- Target
  
  Collapse - update3.5.1/bin/licenses/LICENSE-uthash.txt
- Size
  
  1KB
- MD5
  
  5cc1f1e4c71f19f580458586756c02b4
- SHA1
  
  08473f885bd0231790223311cc3a712faf8abded
- SHA256
  
  d3c6556e48104c31e3e0c62238c749c2a09ca79ee87da50b9cd29c6c9027d57d
- SHA512
  
  d038952606c33cac0870b7018e8a33fc0e4d120363b392d9f5af36fd4e2519d95f51da1f87c30787db02d71208e40f806e8e0f6c9766791086150f98b3b8a489
Score

1^/10
behavioral11 behavioral12
- Target
  
  Collapse - update3.5.1/bin/licenses/LICENSE-windivert.txt
- Size
  
  39KB
- MD5
  
  b864fbb188a7c3a11cef80f3ee902d77
- SHA1
  
  7a3f0538f8fd2ee1c30fc1952cbf83b13b360b3f
- SHA256
  
  e5453b2e71e4c4dcdb89a2539655add3a63202521cf3012b768e8bfeda199312
- SHA512
  
  eb03bb26490535d98e270c89d70dfc9d1a0e2a22ad2bc09ed316e522fb52177b24bb6a2c023c9b010837b6b9a28dfe6492dc0b77f45883385a7e66dd00463c32
- SSDEEP
  
  768:Qs57D0LVw7Y+tNdSz3ZlqXOWoInuzx3Y8N3Wib:QspD8VwVtNIq1uzZY1I
Score

1^/10
behavioral13 behavioral14
- Target
  
  Collapse - update3.5.1/bin/service_remove.cmd
- Size
  
  309B
- MD5
  
  204b35d000d6b29c1102b1d8b6a63dc7
- SHA1
  
  94a92cb8ea948b5ebac3b3eea2cb9bcf31f85e20
- SHA256
  
  63915b4b09658cdfec4c74923650398d9fc497ae3ce9e68c5592337051d2fb64
- SHA512
  
  bb9dfa323938700c562bd68e5c1bb500e39b9f7ece58a3c7284ee0a895b4bd4b2337f693e9593d190a4461d66694ea7ec135e7b83824edce9ff73b7e4d413db7
Score

1^/10
behavioral15 behavioral16
- Target
  
  Collapse - update3.5.1/bin/x86/WinDivert.dll
- Size
  
  42KB
- MD5
  
  1cb0efd60883b5637b31bf46c34ae199
- SHA1
  
  b91de8d5f072f8c6aabd029d96568effdd5662d9
- SHA256
  
  625ffdd95bfabff32d0e8a95beabcd303c01c8bba73b90402d4e84d6e15dd8e5
- SHA512
  
  68c7c257b8cd28011f4b9af09b1e4c7b3d69c6f1457ca6f68fe114fcb382e470b87b9c12ca5d6d4aedd27a103a35fac9093c08b288867cceb9621a60ac70a6f7
- SSDEEP
  
  768:/BD4bCa+EfZ9+EwleNwYLWKkR9c5s1R2wdRt7JtXwxwprTKkimOyd:/BD4bCofZ8VYwYyKkR9c542wdRQ0TKkV
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Collapse - update3.5.1/bin/x86/WinDivert32.sys
- Size
  
  75KB
- MD5
  
  cd477ee96ff05cacda8ac3c0e9316d7a
- SHA1
  
  68da0c17728aa672f140477b3822aefb5810c8b5
- SHA256
  
  29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca
- SHA512
  
  27e13504eb291a5324d824360532ca6d19c409022c72f5609ca55f92558388e3f25f1e8d657afd3d1e4f9ea9c082483c954d6f4e89df049e4f732383a04adcad
- SSDEEP
  
  1536:tVYIJtdRHzb+uzucD5GYLKYaU6s8BLcHWXizv65Q4:tmidRHzMcDQY/aC8B8gevL4
Score

1^/10
behavioral19
- Target
  
  Collapse - update3.5.1/bin/x86/WinDivert64.sys
- Size
  
  89KB
- MD5
  
  6a33620de63bccaf5e5314ee49cd58fb
- SHA1
  
  ac728b339681b2e27099fecc1419821f01d04b34
- SHA256
  
  e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50
- SHA512
  
  638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945
- SSDEEP
  
  1536:8ovgCRgYL/h//oJJw5AdPtey2AyWpdsihch9WXi2v6MuO2:84jmJJsKle9A5pdsiqg/vsO2
Score

1^/10
behavioral20
- Target
  
  Collapse - update3.5.1/bin/x86/goodbyedpi.exe
- Size
  
  98KB
- MD5
  
  9c3f16d5a0aff180f9d04ae6c0fe1f28
- SHA1
  
  c0febd0e54c2a335ee348233e9555eef4816663e
- SHA256
  
  66e202c9fce9e769e2bc791b7fd6f56f21eab59f607f4ed0724e0c68c430dd1f
- SHA512
  
  746ccd373f025d95ca4f55cb212ba6b259a6f17d7e2c5807940cc0d1d31ea61c943a6aa4fc91b2ec432ed1d04ffee4b4c3b78db2cdbb474399313bf26f56a4ac
- SSDEEP
  
  3072:wjnafjFO9vbnTrjP7HzfLXDvnTr3jP7HzfLXDvbnT/rjI3XLS84mUgIDJO:46RO9vbnTrjP7HzfLXDvnTr3jP7HzfL2
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Collapse - update3.5.1/bin/x86_64/WinDivert.dll
- Size
  
  46KB
- MD5
  
  88e1c19b978436258f7c938013408a8a
- SHA1
  
  09b77c8c85757e11667a7b83231598dd67fe0b8b
- SHA256
  
  6110bfa44667405179c3e15e12af1b62037e447ed59b054b19042032995e6c7e
- SHA512
  
  eaa0d8369b76fd9a4978f14702716ae31d801cd0dc36a86531f9320b4ddb683265c4f0e07af2b9d2e85f513270d98d1b11ae7d501d08287442bc505176d16e14
- SSDEEP
  
  768:itSVluu2agCfRSB3QEw2VWHxWYuaO6JXtltdUUwhqWB8TicI:bUZWECHxWDABdIyTic
Score

1^/10
behavioral23 behavioral24
- Target
  
  Collapse - update3.5.1/bin/x86_64/WinDivert64.sys
- Size
  
  89KB
- MD5
  
  6a33620de63bccaf5e5314ee49cd58fb
- SHA1
  
  ac728b339681b2e27099fecc1419821f01d04b34
- SHA256
  
  e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50
- SHA512
  
  638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945
- SSDEEP
  
  1536:8ovgCRgYL/h//oJJw5AdPtey2AyWpdsihch9WXi2v6MuO2:84jmJJsKle9A5pdsiqg/vsO2
Score

1^/10
behavioral25
- Target
  
  Collapse - update3.5.1/bin/x86_64/goodbyedpi.exe
- Size
  
  99KB
- MD5
  
  afa7f66231b9cec7237e738b622c0181
- SHA1
  
  478f336ab054623abfa691f11f12bc3be31deabe
- SHA256
  
  8d412b094bb9c137ff25ba9a794d1122ecc84bb776debff6c249723a13cc31cd
- SHA512
  
  a3833d6018c6ddb63c5bc5b1a2efe2f9e517e80d28d6c59661ff625d42397e484e902ae5f211fc1586a25901c1f0d1700364f604c51a536fcc467703ce76e9d8
- SSDEEP
  
  1536:KuiGy47O/sFTEx/H6+FI87tZQkMvKghPf651Lz5e0yNgnIcm:KTGy47O/sFTExysf7PQ9KghP43VUgID
Score

1^/10
behavioral26 behavioral27
- Target
  
  Collapse - update3.5.1/licenses.txt
- Size
  
  250B
- MD5
  
  a47e9b1db6e538f5a5909cbea8ae4bb2
- SHA1
  
  d86e4c10a37d48c854b04daefda8fce8cc9df741
- SHA256
  
  f85806766dbaf4c0b41efc2aa6b1df3e890bbfcba165468841b8e0da2711c35e
- SHA512
  
  2e5f240c7192ce4be5199a2b5c2daeb73ca5f5f76db98b082914e1d2604ae1b0a470f8f1df58cd7d64a8b3cacad6319eda45ce38eb653eb0e83bab82199460fa
Score

1^/10
behavioral28 behavioral29
- Target
  
  Collapse - update3.5.1/mods/licenses/LICENSE-getline.txt
- Size
  
  1KB
- MD5
  
  3a7edebc3612bcea2306f73b92342a44
- SHA1
  
  9b177bac083f79d4334373a8144899b60155ecc6
- SHA256
  
  ec5f8e03fccb3842cc62ad79ea5f6f6058988e2721a3e6566e8fb72786d485c4
- SHA512
  
  17e987e112d02b1afd430db553ba0826c4b2ae7cfeba9adc3b9d8cebc93bbb6f02024a6ef95adf623eab5331af718fd10bafbf20b2dc5e906c0d2381ca11ba8d
Score

1^/10
behavioral30 behavioral31
- Target
  
  Collapse - update3.5.1/mods/licenses/LICENSE-goodbyedpi.txt
- Size
  
  11KB
- MD5
  
  c4082b6c254c9fb71136710391d9728b
- SHA1
  
  ff426822972c8972e3e4e782baac6f5304fd458c
- SHA256
  
  e03ba41d7fab20700769fe4118bab50d800cb74f990353a05d2f5fff1c228363
- SHA512
  
  4c71355f37002b14cf072328fe42569405cac2dc13b8c6ae871a1a5e958411417b7d4238a49c60c9bf5d956c5488b8ec9f4af99a6a6f8e5d8508443e4ceed2fa
- SSDEEP
  
  192:ff9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8mjHfH2:9Ou9b01DY/rGBt+dc+aclkT8SH+
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32