lumma | e883775711e2df54fc98181d782ede135d1b5e212594fe59cb9e75be5cdfaaa6

Sharing

Copy URL

Twitter E-mail

General

Target

installer_1.05_36.9.zip
Size

20.8MB
Sample

250106-1spe2ayrgs
MD5

e866021c606a52158525d4f2df67a5cd
SHA1

bdb711c91b37bcf9306d53c396441eab5d0f4fbc
SHA256

e883775711e2df54fc98181d782ede135d1b5e212594fe59cb9e75be5cdfaaa6
SHA512

61432fdd6a5a7744ed37359cbe98786981fed6fc32795179267a571904323ea69c500b3c2cb5bd2c6572d34c212ed9bb1c1d9e5a73c5e27d95d8c8989ea7f569
SSDEEP

393216:NZmphOyRvFL6UdiB5nFxhmRvmJiS7+dMA/bYomtmx6YDjN1fxRS:NZmphOyRtJiBHKR+4MA/EpQvPxQ

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://siffinisherz.sbs/api

Targets

- Target
  
  Lang/lang-1049.dll
- Size
  
  258KB
- MD5
  
  0ac98a4bfc717523e344010a42c2f4ba
- SHA1
  
  7967769ee63b28fc8bec14854a4a0a71bda6b3f2
- SHA256
  
  68546336232aa2be277711afa7c1f08ecd5fcc92cc182f90459f0c61fb39507f
- SHA512
  
  8a5f4f19c24c24a43d9d18a8935613ad6a031b8f33d582767a2407665f1ff39a403ddaeecbf4f22a58759fcd53f81f4392192ca9fa784ff098a6c995509f9547
- SSDEEP
  
  768:KNGdfE7k4pzco2V0lyurfRZBGb052Vqa9/QkHq6KT8W8LI1LWFznKM+psOKrjG5v:KNubVGu57nUQG0HZSBTjZGmDbKzu7Axc
Score

1^/10
behavioral1 behavioral2
- Target
  
  Lang/lang-1058.dll
- Size
  
  262KB
- MD5
  
  41c75e831a5571c3f72287794391a0e6
- SHA1
  
  0fe7a9a3c905d0376001a5c46edfc0000fa82bd4
- SHA256
  
  b3ad99afdaee3b9365e7a3ffcc44c2761e22a4f92dff5e5efdc52f6b08ea0105
- SHA512
  
  d3d03f3308db1862522127300127839aa44828d29622db20aea71e6a80a51247654e380d7a0126361d85774137826fc345ae368335bb1ea9c1c8995721daf432
- SSDEEP
  
  1536:yNbT+wDopP25xej01K1+KnohMEDdQPfYBRL37KCxr:gbiwo25xwKhTDd80Rp
Score

1^/10
behavioral3 behavioral4
- Target
  
  avcodec-58.dll
- Size
  
  26.1MB
- MD5
  
  d9a55aef72309f0d7d0f2d8af597c496
- SHA1
  
  ff847e2d21a315ddabf46d4bcdffa419d5f6f36b
- SHA256
  
  04b8ebc13e3efdd3d95b20ecac79c5040c02d07333f5756635dc2ba8440abee8
- SHA512
  
  009c4d703800feafc4b52aa8aef96485aa46621d7df191f0b5fc05da44ab82e27b8345931966dc0b1c36dc39f4fcd5c824c748565531b04acf8ba5834460b114
- SSDEEP
  
  393216:MZ1/9cf2VdHCsZYopFD/lqqhrhlYIRc6f6ma14htfCbuMmUznrsCa3coY0Vowg9q:Azo69
Score

1^/10
behavioral5 behavioral6
- Target
  
  installer_1.05_36.9.exe
- Size
  
  1.1MB
- MD5
  
  586c45b07a69a89813272e425388029f
- SHA1
  
  979e0ccab38b87ac3d3d4c79a6a3d9351179df26
- SHA256
  
  41fcac4067db860114a270ffadb6083647ed54bc95e43faf1fffbb23f0cf2a2b
- SHA512
  
  b83a662985d4a1165e19bbbb52e10cbaefab972f8a8a5dd65a657b32c29a5d1b69f3c588c41469340538600ecc237a369b7dfca35cca18572511f2b997d1085e
- SSDEEP
  
  24576:SGjZb7WC6n1V1ZkIppYCHKW0pPM5nhO9LI5mnx1+lEU/6Wx:3VK11Vr/ppdqWy05nkLI5mn7DUCWx
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral7 behavioral8
- Target
  
  opengl32sw.dll
- Size
  
  20.0MB
- MD5
  
  7dbc97bfee0c7ac89da8d0c770c977b6
- SHA1
  
  a064c8d8967aaa4ada29bd9fefbe40405360412c
- SHA256
  
  963641a718f9cae2705d5299eae9b7444e84e72ab3bef96a691510dd05fa1da4
- SHA512
  
  286997501e1f5ce236c041dcb1a225b4e01c0f7c523c18e9835507a15c0ac53c4d50f74f94822125a7851fe2cb2fb72f84311a2259a5a50dce6f56ba05d1d7e8
- SSDEEP
  
  393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
Score

1^/10
behavioral10 behavioral9
- Target
  
  vcruntime140.dll
- Size
  
  94KB
- MD5
  
  11d9ac94e8cb17bd23dea89f8e757f18
- SHA1
  
  d4fb80a512486821ad320c4fd67abcae63005158
- SHA256
  
  e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
- SHA512
  
  aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
- SSDEEP
  
  1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
Score

1^/10
behavioral11 behavioral12
- Target
  
  winrar-x64.exe
- Size
  
  3.6MB
- MD5
  
  517023aad9ad2f3200057ce0b704e196
- SHA1
  
  7612058b5f0f87327b2957d5da63a2c6e65b0ea1
- SHA256
  
  de1d9040786c80f3f40f41c98aa1f6b14fc7b6f2d3db09eceadd340327164f8e
- SHA512
  
  bef1b7268d8c2c1f6c900fe392ecf11d2cd518dfa9944fb77c29c2306d20d89052a39c45d689054173ce866be1e93d4b3097131a120cd7567092527e1f50b3e1
- SSDEEP
  
  98304:vABAG9dn8V6e3yfnjvg6Tuq1LA28xv12m2ERCHo:va9dXh6q1Lf8xv5tCI
Score

5^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral13 behavioral14