lumma | ca33c8d89674fcb7b69000cd82698eb608f66962aad79061390c368f8f766a0b | Triage

Sharing

General

Target

ca33c8d89674fcb7b69000cd82698eb608f66962aad79061390c368f8f766a0b.zip
Size

3.4MB
Sample

250107-ac794avkfx
MD5

5b450e6449609a9782f0b2da335692e4
SHA1

f83b279ad3819fdb3d1a5ea1bd904e5d477e25b4
SHA256

ca33c8d89674fcb7b69000cd82698eb608f66962aad79061390c368f8f766a0b
SHA512

cb19e6a4570d0dd68ac17ce2d80d143b50d3c7ff995ae871b691a0ffb091b9a9a51eaa1d85f2f9871850847b8015dbd5af3dd239562216c5062444a6db08abb1
SSDEEP

24576:c3R2ggyNsqhnnBTREQQt4Q8ab6IQq7o9L7klK1UWeBYhTlo:+vNsqdBTREQQtzb69QkL7kM1UWcEO

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  685.0MB
- MD5
  
  0917c78aeb28a72b0d2703f616238ed8
- SHA1
  
  ebac45f959cc20a57d03cf8013e298a4e7557790
- SHA256
  
  1e91103f5d1b6af2a36fcf0e6d0955eebe68a93b971b417718d912852dd15b10
- SHA512
  
  81a5c2d7d280d9d7ff175c0f41aebeab9f636b666b91b09141c975dfb847546b967cfc84b739b93b4b15c2214f5eacfce104acfe98f6ad75662c119284a26956
- SSDEEP
  
  24576:yNjZus0ytu4hJn7/hqSQRo0KiV6I+g7o9L7CfKBRUWMN5:GZtu4H7/hqSC/RV632kL7CSBRUW45
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer