General
-
Target
DansMinistrie.exe
-
Size
1.3MB
-
Sample
250105-xxmkfsvqep
-
MD5
12fc06a5be478bd7c50a43ed8f0752ea
-
SHA1
db3375bbff1e505e058c7f4c2d9d9231a3361149
-
SHA256
2f02e100e26ddc58ee26a2f4e7f6116f79405cd7baba4c69abd799a119a836d0
-
SHA512
81e033dadf5fe2447b347d6271189c8e8a5bf036c1926c43bac0421845c34fd75fdd97ab8f93c9804e8f4b9fbf9d9977485ba27a835bb74a5b4b82da48bd7d13
-
SSDEEP
24576:q8kFazOV+NtfVngALFlitdnDyVgmAUo/T4Xg+Iv:2FGk+NtNTvi747ASVi
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
https://brendon-sharjen.biz/api
Extracted
lumma
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
https://tirepublicerj.shop/api
Targets
-
-
Target
DansMinistrie.exe
-
Size
1.3MB
-
MD5
12fc06a5be478bd7c50a43ed8f0752ea
-
SHA1
db3375bbff1e505e058c7f4c2d9d9231a3361149
-
SHA256
2f02e100e26ddc58ee26a2f4e7f6116f79405cd7baba4c69abd799a119a836d0
-
SHA512
81e033dadf5fe2447b347d6271189c8e8a5bf036c1926c43bac0421845c34fd75fdd97ab8f93c9804e8f4b9fbf9d9977485ba27a835bb74a5b4b82da48bd7d13
-
SSDEEP
24576:q8kFazOV+NtfVngALFlitdnDyVgmAUo/T4Xg+Iv:2FGk+NtNTvi747ASVi
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1