lumma | aa845a8fb4ab38aebe6a16a2a8f80ca4467ac0991d3eef4d8a10bdf97dedb1e9 | Triage

Sharing

General

Target

anrek.mp4.hta
Size

1.6MB
Sample

250106-p7e95axjgw
MD5

dbf37b54acb5e3b86a3dc93ec3b7dc24
SHA1

65100e3e23406a9f92880e202e4b006fd39f33d6
SHA256

aa845a8fb4ab38aebe6a16a2a8f80ca4467ac0991d3eef4d8a10bdf97dedb1e9
SHA512

0f785989935702715872e6621ecf9ad003f5d3d9eb8396a32fa5c0506f636a979e5c98c292885207124029c05c6dd88df33d2b91b028cdb5055ce9000dac7ae9
SSDEEP

24576:g/ISwmcPODvnBj3SoGDw/ISwmcPODvnBjc/ISwmcPODvnBj1/ISwmcPODvnBjf:g/IMcAYoGc/IMcAu/IMcAn/IMcAN

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://klipdiheqoe.shop/ruwkl.png

Extracted

Family

lumma

C2

https://grooveoiy.cyou/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

Targets

- Target
  
  anrek.mp4.hta
- Size
  
  1.6MB
- MD5
  
  dbf37b54acb5e3b86a3dc93ec3b7dc24
- SHA1
  
  65100e3e23406a9f92880e202e4b006fd39f33d6
- SHA256
  
  aa845a8fb4ab38aebe6a16a2a8f80ca4467ac0991d3eef4d8a10bdf97dedb1e9
- SHA512
  
  0f785989935702715872e6621ecf9ad003f5d3d9eb8396a32fa5c0506f636a979e5c98c292885207124029c05c6dd88df33d2b91b028cdb5055ce9000dac7ae9
- SSDEEP
  
  24576:g/ISwmcPODvnBj3SoGDw/ISwmcPODvnBjc/ISwmcPODvnBj1/ISwmcPODvnBjf:g/IMcAYoGc/IMcAu/IMcAn/IMcAN
Score

10^/10

discovery execution lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

lummadiscoveryexecutionstealer