lumma | b49b89328099bc486bc076e131bd380524bf7efd365629d975a727334fe586e1 | Triage

Sharing

General

Target

LoaderX.zip
Size

17.0MB
Sample

250105-x92j5stmft
MD5

e6a995c34bf16ab93c3cabff19166c8b
SHA1

b83b6ec7847e13031ff9f758b1b6339d3fcd77b2
SHA256

b49b89328099bc486bc076e131bd380524bf7efd365629d975a727334fe586e1
SHA512

3abe34df98ad38ed5ba127ae537e31148a85219d4e1ec085b28012af95005ef99d7be45c5ad071714b192ebf1aaee2df144cdcbfb8db05ca9587f134b90087c3
SSDEEP

393216:JMmZnjuJA8Cg4pBeetbsVDoCeSf0sUxlUb4/pKFtz4PquA:aqUA8z4paDleSwdxKDzHuA

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://commisionipwn.shop/api

https://stitchmiscpaew.shop/api

https://ignoracndwko.shop/api

https://grassemenwji.shop/api

https://charistmatwio.shop/api

https://basedsymsotp.shop/api

https://complainnykso.shop/api

https://preachstrwnwjw.shop/api

https://glassestacwop.shop/api

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

C2

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  LoaderX.zip
- Size
  
  17.0MB
- MD5
  
  e6a995c34bf16ab93c3cabff19166c8b
- SHA1
  
  b83b6ec7847e13031ff9f758b1b6339d3fcd77b2
- SHA256
  
  b49b89328099bc486bc076e131bd380524bf7efd365629d975a727334fe586e1
- SHA512
  
  3abe34df98ad38ed5ba127ae537e31148a85219d4e1ec085b28012af95005ef99d7be45c5ad071714b192ebf1aaee2df144cdcbfb8db05ca9587f134b90087c3
- SSDEEP
  
  393216:JMmZnjuJA8Cg4pBeetbsVDoCeSf0sUxlUb4/pKFtz4PquA:aqUA8z4paDleSwdxKDzHuA
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Loader.exe
- Size
  
  351KB
- MD5
  
  563632d46f70efd015e04c5afc0bd791
- SHA1
  
  5bed140c2ad36d47d24c3ecfa611831b73baf7e5
- SHA256
  
  b474a71a09547dc6a5528bbea6e1ccad5485b589877ee276f038e9e7f3c8e417
- SHA512
  
  9e031aabf8e4e9bdab8d7b4a236a04aa6df0f5cd40fd869134bb13e4bdd8a422eeae763a8b3cf63177d748d3e76eb3cc989dbada4bba93701ec30ccf732bb703
- SSDEEP
  
  6144:790pJN5m3D3RzbyZXflCTnC1aNfPKSSx1L0uSnuw4qC5Hes:xc+DtbItUTSSyguwXW
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer

behavioral3

lummadiscoverystealer

behavioral4

lummadiscoverystealer