lumma | 522a7e03226188d88442e28eced425f155642961823eb06bead1ddabab431e5d | Triage

Sharing

General

Target

522a7e03226188d88442e28eced425f155642961823eb06bead1ddabab431e5d.exe
Size

70.0MB
Sample

250106-c3fc4stkav
MD5

718cd3f9c7af9f5d66be359a52d591fa
SHA1

67e5a80879cc7e6ee2929fb54d1482d9aa5ac53d
SHA256

522a7e03226188d88442e28eced425f155642961823eb06bead1ddabab431e5d
SHA512

d36b5e3be074a4738c7299f074deca97dad04824e15a9b949657038d0d0c50c9b54824d2865dd5ecd5423dae083406d1b30e127383a1114b7eb3c1786d157ced
SSDEEP

24576:rD2ewUShGJHB3wws/zxDuL13EPe86Wsm04tRlJ1/K1fk2UQtNySW3Mb3g3:PShGNJwwyzKEPeLUnJ1ykxSWcb3g3

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  522a7e03226188d88442e28eced425f155642961823eb06bead1ddabab431e5d.exe
- Size
  
  70.0MB
- MD5
  
  718cd3f9c7af9f5d66be359a52d591fa
- SHA1
  
  67e5a80879cc7e6ee2929fb54d1482d9aa5ac53d
- SHA256
  
  522a7e03226188d88442e28eced425f155642961823eb06bead1ddabab431e5d
- SHA512
  
  d36b5e3be074a4738c7299f074deca97dad04824e15a9b949657038d0d0c50c9b54824d2865dd5ecd5423dae083406d1b30e127383a1114b7eb3c1786d157ced
- SSDEEP
  
  24576:rD2ewUShGJHB3wws/zxDuL13EPe86Wsm04tRlJ1/K1fk2UQtNySW3Mb3g3:PShGNJwwyzKEPeLUnJ1ykxSWcb3g3
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer