lumma | 6b986de2c80821d2ac74bc2a016642a519f4b374bd3cbbbf315289ada9d018dc

General

Target

n.zip
Size

330KB
Sample

250105-t6flqa1rer
MD5

4883dcf22c76b115bed2044a71403144
SHA1

967d9b8eeb7eb852b072334106a1ce6a024a8711
SHA256

6b986de2c80821d2ac74bc2a016642a519f4b374bd3cbbbf315289ada9d018dc
SHA512

885ca4b38c3e600f13f0be73c216dd4c17e87559c8530d95210eadf5d13619f5c77a2e3d9c016a19f4fbf09997b7834f5284a9034476b85bca95ca32e2368b99
SSDEEP

6144:vU+Cz4rSsfCd7TwfnC16ISWHOFdsnv/bFRihJ88mAgg8osKdoiuCBa6ahpXwQCHE:tCcGaeMfe69UEdyRihJ8ViuCBipkOJ

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Nexol.exe
- Size
  
  340KB
- MD5
  
  3fc13f168ca72a690a0d4dbd9bac0e69
- SHA1
  
  74010009b8944bd0d0b534a84008253fed608c9a
- SHA256
  
  8a3fb85846036b30c76d954ef98fe64f1a6a782b2417db1cb0229050108dd532
- SHA512
  
  17c849c2080a3ccb69d959849fdc02cc2d9949a98dd750287427a2395d200afc13ba8ce342dbc9fcd1290061fa80dddfe47088e2f4a55712b821756eab945690
- SSDEEP
  
  6144:kTtAKnCj7ZrSsfCdPTwfnC16ISWHMFdsnv/bFRibJ28mAgg8oIKdeiuCBa6khpXp:qlgZGagMfe69UGdyRibJ23iuCBwpSOH
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2