lumma | 08aabef266a451bbcd57608acbd397d827d8aa2206e25c24ce61e1e7fcad7eb1

Sharing

Copy URL

Twitter E-mail

General

Target

08aabef266a451bbcd57608acbd397d827d8aa2206e25c24ce61e1e7fcad7eb1.zip
Size

792KB
Sample

250107-ac6fhawqhn
MD5

63771196ddc309192e4ea83c9cfabcbe
SHA1

fbe29d1ce4583a25bd925dd588e9cc44e16abc7f
SHA256

08aabef266a451bbcd57608acbd397d827d8aa2206e25c24ce61e1e7fcad7eb1
SHA512

8c8d13d56e0c7364f8f06ae127afa1bd4626d0ed3c16c9a0ab2a50b35524bbc1ab18ab95ae8dec432a106357bd596698191b546de71c09f038376012a354450b
SSDEEP

24576:lX4pttEZ+E8vDygn8dEbqNlZlKFyzMbVzgxT5kXW9ygVOUB:lXdZKvhn8d/XZlKFnbBiccB

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

- Target
  
  Cyber Ghost VPN + Key master.exe
- Size
  
  646KB
- MD5
  
  07feca81b29907ce6550288a7d2b8821
- SHA1
  
  6252d362fe96293254a1f284a95355440a2dc2cc
- SHA256
  
  eb28c83590f742bb8a12d01f4692421786b6a04dcf9fcc31df93de6d0068b717
- SHA512
  
  add0f86c572a83d4d2baa8a3d79db1ce321ae846aa02afe559abc91da0bd8ca6bd3969f4e75372ea606057436fc5e3353c71d23feef843340c41be9d0b72d800
- SSDEEP
  
  12288:J4CD99jUhaQS/Aby46x4YFFR5WQ/Ee4vbDAt8G+DiBezmm72kiz5iIrSEO:Osbkaqx6xDR5BEe4X2jnBeKPIt
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  dmview.ocx
- Size
  
  132KB
- MD5
  
  9d3d06d04b20c9a61394144dccf7e54c
- SHA1
  
  9ceb4a625359052b1301dca0f12188f935ad62cd
- SHA256
  
  f11df95fae783ddfd452a888bedac3b084405cabe20f36be26000a1738d97c9f
- SHA512
  
  53a76ca5e3fbfa4ad177e2f18521c1253ea3682f05615d4d72a2ce3e0a722d25e76c30dcdefb80a5e1819842617ec2be82686654b4fb483ed66c7df72c625c64
- SSDEEP
  
  3072:DGlzTHF695pCidDnipNKWzmqonzgUYh8LYOEa2muMSM38:o695pCidDnipNhzmbnzgUYh8LYpmUG
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral3 behavioral4
- Target
  
  dnscmmc.dll
- Size
  
  130KB
- MD5
  
  bdc7ead1e9b59a54f61ad53ec7fefffb
- SHA1
  
  70f53095c292b3ea876bd0a766705dba46a24376
- SHA256
  
  4f64dc86d26ff64f037eea6fe2e8f7224a8f5988c132ebf617ec6a562080fb01
- SHA512
  
  76444e00ab19350fa538bcc6e4d2e6fa2086d1a0c0d946f0eac8a7b059d248a3be9fa5dfef3289028410b1e6fe5be13b2fba939b7c81f3e72ac67c257bd9b897
- SSDEEP
  
  3072:oAgGIoBRZ4VlD8ZVsjxOoFic2cr61Wk57qw8ZcYjbCmjMZTco/YuuI:o9UQ8ZVsjxOoFiUGkCpTco/Yu
Score

1^/10
behavioral5 behavioral6
- Target
  
  elshyph.dll
- Size
  
  229KB
- MD5
  
  6886e3f01425562c23467da967b643fe
- SHA1
  
  e7d1df4121bc7ca59d26869364fa602adf65c792
- SHA256
  
  367322687653b2d0836473fb1b863275e276a5b2aae5c494fc5f786cf52ab471
- SHA512
  
  aea6d69804003788ca4a18441e267295b50891572ea0d1053f02affee5d51163e7b4f254a22e5d102d23e0882cba155937f86e71f38cde844dd89a4feacb5bbf
- SSDEEP
  
  6144:rX9hY++m09tzFJmtMkmV89Xqm6v7W2p+Y7Z8M8NNs:rX9hY+SZkikmV8hWp
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8