lumma | 9d9bb062a766d8394442769bcc89e6dbeed4665cf1e4596a5807494e1e497671 | Triage

Sharing

General

Target

Set-up.zip
Size

4.2MB
Sample

250105-ydfs8stnfv
MD5

904fbdba6948a384a3c37232169056ff
SHA1

5453e7fa732592fbdf654d54afda1282dd435d6e
SHA256

9d9bb062a766d8394442769bcc89e6dbeed4665cf1e4596a5807494e1e497671
SHA512

dc5ef405a35025425815d17319155f83c91241aeb07c54536f270da0ec8da9b9707e3052ce87705b42c101e437b6a79d42f62186a1cfd10c20704b6ddc62f6e7
SSDEEP

24576:I62p0+PVL3qaWqdto+yBND4sKbITxgNcwVWmJR9m3k3epdMDZVS:I6CfL3qae+yBN/T1w8e9m32ecS

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Set-up.exe
- Size
  
  920.0MB
- MD5
  
  4c96501193eb66f09e1d36155f0862a8
- SHA1
  
  6a3a2d9eb8ba565900b73f7b28f78b95ab542eca
- SHA256
  
  fc97c31375b6c844e93c3b3ea811f1b199ecb55ae45a9137e7c2ffe1d298b544
- SHA512
  
  310526c23eb0c46e694a263d4f64552ca5fd2191938f13eec0d982b727fd6aab44d47a99651cfc1d5c8b29206fd8cbdaeb08a18b79dcc16436b46e9bad01a83a
- SSDEEP
  
  24576:DOHp0KPVf3iaW8bFE+OzNZ4yKLITxmNMu/WirL9m7k7opRaZjHM:wJf3iaM+OzN3TxuOW9m7goJ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer