lumma | 9437a0df4d17f0a34f01f7d963c45fd76fad1ed4bcae252ed5bda5b997c9161c

Sharing

Copy URL

Twitter E-mail

General

Target

9437a0df4d17f0a34f01f7d963c45fd76fad1ed4bcae252ed5bda5b997c9161c.zip
Size

1.3MB
Sample

250107-ac622awrak
MD5

81ca3cccecb9a0952450399998777a90
SHA1

43161ee0457a07d653a7110f02d8ff671d645683
SHA256

9437a0df4d17f0a34f01f7d963c45fd76fad1ed4bcae252ed5bda5b997c9161c
SHA512

63dba914f75c2fc076bb99439b607d5f7e51569ffa75710f3b9ce46db37bb5d1cd3734886c037a4bd33c1df676d93123ffda91ed67c3283faa51b19d9404db3a
SSDEEP

24576:PX4pttEZ+E8vDygn8dEbqNlZlKFyzMbVzgxTokXy9ygVhUNIk1BnEUO4AxcBEdAG:PXdZKvhn8d/XZlKFnbBiFdNIkvnEUNut

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

- Target
  
  Netflix mail access Checker 2024 New.exe
- Size
  
  646KB
- MD5
  
  07feca81b29907ce6550288a7d2b8821
- SHA1
  
  6252d362fe96293254a1f284a95355440a2dc2cc
- SHA256
  
  eb28c83590f742bb8a12d01f4692421786b6a04dcf9fcc31df93de6d0068b717
- SHA512
  
  add0f86c572a83d4d2baa8a3d79db1ce321ae846aa02afe559abc91da0bd8ca6bd3969f4e75372ea606057436fc5e3353c71d23feef843340c41be9d0b72d800
- SSDEEP
  
  12288:J4CD99jUhaQS/Aby46x4YFFR5WQ/Ee4vbDAt8G+DiBezmm72kiz5iIrSEO:Osbkaqx6xDR5BEe4X2jnBeKPIt
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  NlsData004a.dll
- Size
  
  3.1MB
- MD5
  
  be007b645b9d1332e3346107727320d9
- SHA1
  
  0717c6fea33ddd04b9f032039d23c66efd5e5f76
- SHA256
  
  7b128be8d77398cbc3bb789a34e21afc984c2e87276907a01326f8fb4504e9da
- SHA512
  
  8e205aaf5ef8a1e5259634ff51b1e0da8bf35ace547e01de05a02dd0ad55ef7a46329737ba062556c195ba0ef6e3722ea144752f0aa8330c440dac38b2653f82
- SSDEEP
  
  24576:oJEJNe9wndvrpof5UUv6ujcqJByewHXqQpiPlJKaTsO0KwRB3Q/CDuCF:k9CNofaXXqQpTawO0KwRB3Q/Au
Score

1^/10
behavioral3 behavioral4
- Target
  
  dmview.ocx
- Size
  
  132KB
- MD5
  
  9d3d06d04b20c9a61394144dccf7e54c
- SHA1
  
  9ceb4a625359052b1301dca0f12188f935ad62cd
- SHA256
  
  f11df95fae783ddfd452a888bedac3b084405cabe20f36be26000a1738d97c9f
- SHA512
  
  53a76ca5e3fbfa4ad177e2f18521c1253ea3682f05615d4d72a2ce3e0a722d25e76c30dcdefb80a5e1819842617ec2be82686654b4fb483ed66c7df72c625c64
- SSDEEP
  
  3072:DGlzTHF695pCidDnipNKWzmqonzgUYh8LYOEa2muMSM38:o695pCidDnipNhzmbnzgUYh8LYpmUG
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5 behavioral6
- Target
  
  dnscmmc.dll
- Size
  
  130KB
- MD5
  
  bdc7ead1e9b59a54f61ad53ec7fefffb
- SHA1
  
  70f53095c292b3ea876bd0a766705dba46a24376
- SHA256
  
  4f64dc86d26ff64f037eea6fe2e8f7224a8f5988c132ebf617ec6a562080fb01
- SHA512
  
  76444e00ab19350fa538bcc6e4d2e6fa2086d1a0c0d946f0eac8a7b059d248a3be9fa5dfef3289028410b1e6fe5be13b2fba939b7c81f3e72ac67c257bd9b897
- SSDEEP
  
  3072:oAgGIoBRZ4VlD8ZVsjxOoFic2cr61Wk57qw8ZcYjbCmjMZTco/YuuI:o9UQ8ZVsjxOoFiUGkCpTco/Yu
Score

1^/10
behavioral7 behavioral8
- Target
  
  elshyph.dll
- Size
  
  229KB
- MD5
  
  6886e3f01425562c23467da967b643fe
- SHA1
  
  e7d1df4121bc7ca59d26869364fa602adf65c792
- SHA256
  
  367322687653b2d0836473fb1b863275e276a5b2aae5c494fc5f786cf52ab471
- SHA512
  
  aea6d69804003788ca4a18441e267295b50891572ea0d1053f02affee5d51163e7b4f254a22e5d102d23e0882cba155937f86e71f38cde844dd89a4feacb5bbf
- SSDEEP
  
  6144:rX9hY++m09tzFJmtMkmV89Xqm6v7W2p+Y7Z8M8NNs:rX9hY+SZkikmV8hWp
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10