lumma | 74b6b5f2e54628fdc3bd5e41595f77cd2c82feaf3a894f568d7eccb10a722a08 | Triage

Sharing

General

Target

adobe_illustrator_2025_v29.1_(x64)_pre-cracked.7z
Size

15.2MB
Sample

250105-t7jd1a1rgq
MD5

8f59ed07848e3293e29bd15102a856d1
SHA1

b9c4160f8a909cfc17ca8c595c43514317f85d68
SHA256

74b6b5f2e54628fdc3bd5e41595f77cd2c82feaf3a894f568d7eccb10a722a08
SHA512

68ad0d507ee5b8b7676af63dd3e15655608304d6c1190962c6380e79500ac6892b0027729aefce65654ea5e461c3cbc131b09130c7f7048ba99e412969707600
SSDEEP

393216:Jy8rLFNI+B5GfXM2cl15n7W017NP9MeJDqtyQ20lg:Jy8rl4M2cf5nS017NFMC0yQ+

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://siffinisherz.sbs/api

Extracted

Family

lumma

C2

https://siffinisherz.sbs/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  appFile.exe
- Size
  
  802.2MB
- MD5
  
  243ebea390d509b7fb7387565e583320
- SHA1
  
  aa5885374538feaf6ee40132a0b4c1563851b36f
- SHA256
  
  478c23b2de51eb562ad8f227dc10a9113d4a4b1634d465a66e90aff79011ede6
- SHA512
  
  717e9a293596df0f2a56458629cb2a87b4188c2fca64a96ba354d3a9025edeb0d9cab68133413d5ae300a588b5eafff6c215fe0c53a50da77f5ffd40e3c6726d
- SSDEEP
  
  393216:cifoznUlUq0fjgcEgyUsSNdbUYA3azj7+HTlQbGhXB33HHvp1p3OqoIZ9apdx:c2obUlvUEq7wVD
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer