lumma | 346d55b4ff926148b5920a8bc6a43081986f2aed5cf350f93b89899fa16f8a68

Sharing

Copy URL

Twitter E-mail

General

Target

346d55b4ff926148b5920a8bc6a43081986f2aed5cf350f93b89899fa16f8a68.zip
Size

1.7MB
Sample

250107-ac7csswran
MD5

945f83fba2e052e32760d2e52c61098f
SHA1

59bafa5ae23c9a60f49349613da32f00592bf92a
SHA256

346d55b4ff926148b5920a8bc6a43081986f2aed5cf350f93b89899fa16f8a68
SHA512

4d2e706ccb5b4ab793be5d71c2251e1ea183c69fc45fdc7a8e9d3c6b071ecd8e73c9e7431542720455c5f8442d437bb2e8dd273a468077e3a2ab5f9e5737b703
SSDEEP

49152:HXdZKvhn8d/XZlKFnbBiWUPMqnFaqZS0ah8BoAE:Hyh8BvaBrqFaqkZaBoAE

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

- Target
  
  Crypto Seed Checker 2024 version.exe
- Size
  
  646KB
- MD5
  
  07feca81b29907ce6550288a7d2b8821
- SHA1
  
  6252d362fe96293254a1f284a95355440a2dc2cc
- SHA256
  
  eb28c83590f742bb8a12d01f4692421786b6a04dcf9fcc31df93de6d0068b717
- SHA512
  
  add0f86c572a83d4d2baa8a3d79db1ce321ae846aa02afe559abc91da0bd8ca6bd3969f4e75372ea606057436fc5e3353c71d23feef843340c41be9d0b72d800
- SSDEEP
  
  12288:J4CD99jUhaQS/Aby46x4YFFR5WQ/Ee4vbDAt8G+DiBezmm72kiz5iIrSEO:Osbkaqx6xDR5BEe4X2jnBeKPIt
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  NL7Data0404.dll
- Size
  
  2.2MB
- MD5
  
  81b14fd1c9d2b830e55c93c4c38afa2f
- SHA1
  
  975bef050d9e8d2ee577e1b4db5dd6e2d67bff20
- SHA256
  
  878e2dbac4b6a6bcce54742f3c7bfd87aa93a6637cccc1e5d18ab65215d81bee
- SHA512
  
  16bcd415ca4cfc8813d990a304723a87122eede56a4f2c84b8fac91ccb0d5fd9c2db413358eecf145c1faad5b74f16b516a3c5e12f977bbca0cb6f66cc73d3ec
- SSDEEP
  
  24576:WckkkkkkHxKjbNX7UtOGwu1fg5tXVD539swzYNefx+Pff5pn3DXBdVjtxv/Ui:WeKYtOGwu1fg5FtJ9nMX5bL9z
Score

1^/10
behavioral3 behavioral4
- Target
  
  dmview.ocx
- Size
  
  132KB
- MD5
  
  9d3d06d04b20c9a61394144dccf7e54c
- SHA1
  
  9ceb4a625359052b1301dca0f12188f935ad62cd
- SHA256
  
  f11df95fae783ddfd452a888bedac3b084405cabe20f36be26000a1738d97c9f
- SHA512
  
  53a76ca5e3fbfa4ad177e2f18521c1253ea3682f05615d4d72a2ce3e0a722d25e76c30dcdefb80a5e1819842617ec2be82686654b4fb483ed66c7df72c625c64
- SSDEEP
  
  3072:DGlzTHF695pCidDnipNKWzmqonzgUYh8LYOEa2muMSM38:o695pCidDnipNhzmbnzgUYh8LYpmUG
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5 behavioral6
- Target
  
  dnscmmc.dll
- Size
  
  130KB
- MD5
  
  bdc7ead1e9b59a54f61ad53ec7fefffb
- SHA1
  
  70f53095c292b3ea876bd0a766705dba46a24376
- SHA256
  
  4f64dc86d26ff64f037eea6fe2e8f7224a8f5988c132ebf617ec6a562080fb01
- SHA512
  
  76444e00ab19350fa538bcc6e4d2e6fa2086d1a0c0d946f0eac8a7b059d248a3be9fa5dfef3289028410b1e6fe5be13b2fba939b7c81f3e72ac67c257bd9b897
- SSDEEP
  
  3072:oAgGIoBRZ4VlD8ZVsjxOoFic2cr61Wk57qw8ZcYjbCmjMZTco/YuuI:o9UQ8ZVsjxOoFiUGkCpTco/Yu
Score

1^/10
behavioral7 behavioral8
- Target
  
  elshyph.dll
- Size
  
  229KB
- MD5
  
  6886e3f01425562c23467da967b643fe
- SHA1
  
  e7d1df4121bc7ca59d26869364fa602adf65c792
- SHA256
  
  367322687653b2d0836473fb1b863275e276a5b2aae5c494fc5f786cf52ab471
- SHA512
  
  aea6d69804003788ca4a18441e267295b50891572ea0d1053f02affee5d51163e7b4f254a22e5d102d23e0882cba155937f86e71f38cde844dd89a4feacb5bbf
- SSDEEP
  
  6144:rX9hY++m09tzFJmtMkmV89Xqm6v7W2p+Y7Z8M8NNs:rX9hY+SZkikmV8hWp
Score

1^/10
behavioral10 behavioral9
- Target
  
  filemgmt.dll
- Size
  
  552KB
- MD5
  
  d7c3007dca0312785bf75fe212506431
- SHA1
  
  bc305aae544478cf70d90b5691e289db2dbad289
- SHA256
  
  bcec0ecd295639e81044611f32e28a2b3129cce499b0cd44ba46514c01b0d84e
- SHA512
  
  352495531c3f9f8a93bda697837a6ec1ac49c9b3f829519c9730107660955f7c17f214fe59a13e5da4222f4763de00605d835ef8891f51f4f518a12e350a332c
- SSDEEP
  
  6144:P5QVNAaO89oYCiv15cKs8h6w6T0l/dwygqLGEt8BP9pW4+Lq2ZZZ1ZZZFZZZi92t:PhaO89oYCiv16ihhl/NNtI9pWwLIi
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12