lumma | 2f02e100e26ddc58ee26a2f4e7f6116f79405cd7baba4c69abd799a119a836d0 | Triage

Sharing

General

Target

DansMinistrie.exe
Size

1.3MB
Sample

250105-x3m36swjbm
MD5

12fc06a5be478bd7c50a43ed8f0752ea
SHA1

db3375bbff1e505e058c7f4c2d9d9231a3361149
SHA256

2f02e100e26ddc58ee26a2f4e7f6116f79405cd7baba4c69abd799a119a836d0
SHA512

81e033dadf5fe2447b347d6271189c8e8a5bf036c1926c43bac0421845c34fd75fdd97ab8f93c9804e8f4b9fbf9d9977485ba27a835bb74a5b4b82da48bd7d13
SSDEEP

24576:q8kFazOV+NtfVngALFlitdnDyVgmAUo/T4Xg+Iv:2FGk+NtNTvi747ASVi

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://brendon-sharjen.biz/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  DansMinistrie.exe
- Size
  
  1.3MB
- MD5
  
  12fc06a5be478bd7c50a43ed8f0752ea
- SHA1
  
  db3375bbff1e505e058c7f4c2d9d9231a3361149
- SHA256
  
  2f02e100e26ddc58ee26a2f4e7f6116f79405cd7baba4c69abd799a119a836d0
- SHA512
  
  81e033dadf5fe2447b347d6271189c8e8a5bf036c1926c43bac0421845c34fd75fdd97ab8f93c9804e8f4b9fbf9d9977485ba27a835bb74a5b4b82da48bd7d13
- SSDEEP
  
  24576:q8kFazOV+NtfVngALFlitdnDyVgmAUo/T4Xg+Iv:2FGk+NtNTvi747ASVi
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer