lumma | 0916e95325c9cf02dc0d36fa64a668cbca0f785776529056b3beec27a8c379c5

General

Target

2.3_Archive_2.3..zip
Size

44.8MB
Sample

250106-lslltawkej
MD5

ac8610ac10451b2285d354b341d8f461
SHA1

3aabcf33df2124d52fa1e0cd3245646597848ce8
SHA256

0916e95325c9cf02dc0d36fa64a668cbca0f785776529056b3beec27a8c379c5
SHA512

6ab7ed05b35fdef91ac9713c5887e55853818ade522d207653a583bba0b2d869f931a7fa317a8242c7da03aff36951b78794c19f9af2990fc6bbc57f212aeb81
SSDEEP

786432:Bmn/DnSue4djrzThFmv4Dh0XhyMUqY8Hbgl3WiuxDTTnnbUjK9YnOpX4o/:Bm/bDecrzThooh0XhyMUqY8HJiuxD3+6

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

Targets

- Target
  
  bat.dll
- Size
  
  44.5MB
- MD5
  
  b101b25da480e0f3b2cf26d41b46392e
- SHA1
  
  0a542f74505161da3be0653c91c1e6ab26319a63
- SHA256
  
  fd249ed81e8eda2561a6860bd3d76b3d0c70583c303a6fda287399bbdd81b042
- SHA512
  
  c28f05bb96d9dc21f2a402e627d1f8d013751850e4e063b4c5ff361a9acf21c3b51b609add08fa2da6706f42203823f8e691ae0a8fb67e9719efac200627e176
- SSDEEP
  
  786432:K9rkmT0qbZf4XYDbh9T0zSRNI7Vy4cAkOL37zN+qGzFZ3ztHElmxst8jV4Ab:K9AGxbEYDbh9IkNI7Vy4cAkOLwqGzFdt
Score

1^/10
behavioral1 behavioral2
- Target
  
  setup.exe
- Size
  
  351KB
- MD5
  
  5726cc95a1a3a172f1acda81f84656e8
- SHA1
  
  82a396f4bf6563d1c019534732b9c2e855bbd577
- SHA256
  
  2338c24f78ab9872cbe6aec8c572b99328ff81b5597e552f2619e92dde7d2942
- SHA512
  
  65907f1e4f1e2a860e282aa8889b99ad5289fd5d88ddddc85edbe970184158750204e6b718779bdf02971ae6c41b98bee9db13021b90078ff7f9bff2bcbe5e24
- SSDEEP
  
  6144:g9NDWuzVf/CEjw0aA87kGJ8xF2E4rY1rww3G5CZ35w2lQOi8GfVq0epptLz:4USVA0mP8OE4r2/GQg2l8VV0p5
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4