lumma | 60881fb0340f0104136d089421f819b3f42bbd5b42a095b6a66cfb756ec0d09a

General

Target

script.zip
Size

5.4MB
Sample

250105-w851haslgy
MD5

a8f18d05ee349962e2f6c4ec12c31adc
SHA1

decabb22b693adde8b9a50561705750d36063506
SHA256

60881fb0340f0104136d089421f819b3f42bbd5b42a095b6a66cfb756ec0d09a
SHA512

3303f2ac273617cf74579235984c6e60836a87b46726f9a96eb876af53b0a84adc7aef3b3f3462264218befbf39e673c9799a657cfbb670488971a9eaf2ceec1
SSDEEP

98304:Uu4FqHR5+l1tcINUfnffSDs4qgVpJb9139yDbcCT9QIE5fZ4t93HNWTF9wmbJ8Xu:ri85s1tcICfiDs4ptQR6fCjt8F3bJ8Xu

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

- Target
  
  Qt5Concurrent.dll
- Size
  
  128KB
- MD5
  
  31955f92dd3ca70cab821b6199018ebf
- SHA1
  
  3177661f6e066460f2c859d2d5453323b68d6eda
- SHA256
  
  d4a01961fff02cc38ab906d3bffaeb49db893edc624f840e06d07985086db29f
- SHA512
  
  ec5b65741685882008769abd68fb88cf12c58b0b9d76f0a6326f352ee7a78cc4567473c50e9abe12fd8af0c06bb1ae9840ee0d5f78024580aaaf1c34e0b14504
- SSDEEP
  
  3072:3Q8Eh7XgsZxlePu00k7hkNKSBMU+m3EkbnW6//V:3rg7wmePu01CXrUkV
Score

1^/10
behavioral1
- Target
  
  Qt5Core.dll
- Size
  
  6.0MB
- MD5
  
  c49ac6ad9630be526b2f9c3a9f094b53
- SHA1
  
  5f5173c825810bbd849e32b5e6e2cb32f6c456d2
- SHA256
  
  b72018655360463896edbd86b120be6dfa7235ae8a0aaa728165cb496573acb9
- SHA512
  
  31ac473ddd3a7d4b93b9e5d023c5fa964543683b9a0429381e0ab30079a0bea39c77196533d1f94381a787ddbeae28087861f450a23b10a79192cc80cc6c9d66
- SSDEEP
  
  98304:T9eXMaQVsUlo3PakaZJsv6tWKFdu9C7izxqfhSsbyMI:EXMaQVsUlmjaZJsv6tWKFdu9C72xqfh2
Score

1^/10
behavioral2
- Target
  
  Script.exe
- Size
  
  374KB
- MD5
  
  9692fcb7996881ff1489818817d4b300
- SHA1
  
  17c9a0067ad325da87a096e62715848b8fc4ea34
- SHA256
  
  7931b9a8460e753cf1f42b6dc5dd0b32e40a17d19dd94b2fcbba55817a9a77b6
- SHA512
  
  541ad18f7ad479017167cbcb193e0e96cf3de502021c36bb9f001d2b2fc55efc32d1457d2ebdb6ef3336c902e6e2dd406f2747b319c0ea5f6777d965f6318762
- SSDEEP
  
  6144:p2pwktDrDuMtVXo6MFbdQChRNraGhIlWW1n88gupG3XZ6AZP5dw7rGViJdh4lQ9u:d4CmYP1SC7Np61uXHzPPVU9FmJ1CXEEO
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  bin/d3dcompiler_43.dll
- Size
  
  2.0MB
- MD5
  
  1c9b45e87528b8bb8cfa884ea0099a85
- SHA1
  
  98be17e1d324790a5b206e1ea1cc4e64fbe21240
- SHA256
  
  2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c
- SHA512
  
  b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34
- SSDEEP
  
  49152:DpX9JVeE9HP6Zpy9KyhMI50Du8LljslNsHSHFUq9OiapbbO5Akb:H3P9HP6Zpy9KyhMI50Du8LljslNsyHiS
Score

3^/10

discovery
behavioral4
- Target
  
  bin/libEGL.dll
- Size
  
  90KB
- MD5
  
  50c717ab7624384b2b2d8a953263beb2
- SHA1
  
  58d82865ab86a193f8f6ff1cbf7677525f6e217d
- SHA256
  
  63580999b8210315b664e7742b6d4f59e587d20b4d0826072a5ef311c6f25b74
- SHA512
  
  8caac7982eba6380df162b62353088339754ff211847e3921dd74f239e8a980d588b36db385acbd2ba0edcaebcfb4d272eb0405672dc158e58666b6f695a02b4
- SSDEEP
  
  1536:KGP6HhCY9bVfdiVkfynyCjUzjBUpgmsWS4dMOe9dl58Zh3Cz0b:KGPG/xViVk4yOUz26KPWHiyzy
Score

1^/10
behavioral5
- Target
  
  bin/libcrypto-1_1-x64.dll
- Size
  
  3.3MB
- MD5
  
  3390d76a13973bd46b512bf257c171c8
- SHA1
  
  cd269f1f752c272e3868b4dd6dc65464715ae0b0
- SHA256
  
  deb034588ef43db62809cc2c599374894bf7fef5df990da6eaaa0674fbec0301
- SHA512
  
  8d714e4859ffe4beb2c6a499b4d62cd549679411b5af2b50ec4f75e522e7af1943c4c29cc5d4266409351c596c6a0bb470e4ec0301e23425191f059752458620
- SSDEEP
  
  49152:cVwASOC3IU6ixBGtlqREzGbOggxFSAnVJcjp15QAMa4OHjbtNPA6UsQ0H1CPwDvF:l4+0SgbhVUsIjJW6UsB1CPwDv3uFfJ
Score

1^/10
behavioral6
- Target
  
  bin/tbb12.dll
- Size
  
  374KB
- MD5
  
  123404fa3ab377e006e8bb777dc58b36
- SHA1
  
  f716b9bc1dd30bd903c377de8ba08d1dee2827c0
- SHA256
  
  061f3b283b3e5b24c5ac45772ee19e2f4b24cdacb3ff8ae4f815fe62836e5a45
- SHA512
  
  4762511c8f75f0ee88e0b0c030fc4ded3681bd95f57b44d858a5f97bfb918d8f51df7fbed2fd473e3bd491ffec4dc1a290c3894a985cd2d7a959de140659782e
- SSDEEP
  
  3072:LMz+pybccWv9lxKs66IYtmm17NakuCzbLModItR4KzdyHohj6bdJ9qDyh6tm4MBS:LMqpyOlxKOmm17NfLPSwKL8ItmhxpLO
Score

1^/10
behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7