General
-
Target
2254c1261c9c6aa2dd777a2ebf9cc28e634f1f6249f4c352b0451ef9f6406ff1.exe
-
Size
70.0MB
-
Sample
250106-cp5e3svpcp
-
MD5
d07b60405395929fa6cc003b858c2f37
-
SHA1
c1a890e84c98de3f8e330c78c534cf434b677a97
-
SHA256
2254c1261c9c6aa2dd777a2ebf9cc28e634f1f6249f4c352b0451ef9f6406ff1
-
SHA512
d6f0ba6d9bebfeca0c3e30361d30ea84120423491236687af277d7d1bb68affaea202eafada86384282329c9cd37bc9e6f87a4ac9ef981478a4aaaff66a0097c
-
SSDEEP
24576:3iDV9lNv94RgIN8KCABMAAgSfFnhk0+H3epbMwsIF2r1Sxvf:OlNv9eg9QOAIfFnhk0o3VIUr1m
Static task
static1
Behavioral task
behavioral1
Sample
2254c1261c9c6aa2dd777a2ebf9cc28e634f1f6249f4c352b0451ef9f6406ff1.exe
Resource
win7-20240708-en
Malware Config
Extracted
lumma
Targets
-
Lumma family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-