lumma | 785d71950c369a273ded2c1e4159b0d06bcd9fd63a5eefb2288ba77bbfc2b67d | Triage

Sharing

General

Target

785d71950c369a273ded2c1e4159b0d06bcd9fd63a5eefb2288ba77bbfc2b67d.zip
Size

4.1MB
Sample

250107-ac94pawrcr
MD5

ca641de6d4d868a3cefec6201297b6fe
SHA1

b49e0789d1aa4a6a709a6f24480d9bda826bafc9
SHA256

785d71950c369a273ded2c1e4159b0d06bcd9fd63a5eefb2288ba77bbfc2b67d
SHA512

626a948158f27124334b8b5ae8ae90442274611fd35f7fab037c5dc4c1fc329f81f378ff013cd42b72fe8e67a0aa98ab1da9ce21fb0e405e7d2e5bce3b2406d1
SSDEEP

98304:8laK64nKZyjNXQ72MeR3QRc1zO/VgAyEUq6pbYpwwQ4h:8a6nDS23Ec4qAyPq6ZSB

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

Targets

- Target
  
  123/7zxa.dll
- Size
  
  221KB
- MD5
  
  04d3e794624a82228a7e683fdf22e182
- SHA1
  
  114b74e926913bb0a588e671025f9eb38e8b854b
- SHA256
  
  db3d0484228ed14ad8d3763f4880d36024fb27b189c91720ff147b92d46bcb5a
- SHA512
  
  b5767971f9075b5e483f9e77dcb50637eb81d70da86d655a230da6ad3dc5337d2a08038261f32e3867fde68fd33bf23a75b50e0381762becb46e859404e78d82
- SSDEEP
  
  3072:+ftOtcS7lCZc9Ltue1C+zV2zUmiRvgWDFSaRPQIDCuPK1gSBvAGfPFjaRv+PB7PT:etViwgLtun+soC1vx2Hr0/NG1E
Score

1^/10
behavioral1 behavioral2
- Target
  
  123/Data/Updater.ex
- Size
  
  414KB
- MD5
  
  a341d9bfaae6a784cb9e2ea49c183fb4
- SHA1
  
  d061c12dffa6a725f649dae49c99f157e93bb175
- SHA256
  
  52416bb8275988aa5145be6359b6c6a92e3c20817544682c2c1978b50ff2052c
- SHA512
  
  9dff4ba2abf889c9f9e71da1f91abdde1742a542b53e8c289e011113e1bcb86d4b1aaf5e7aadf97aa5ed36ab50227295e27ce700d30524f7198fd8f3928c36a2
- SSDEEP
  
  3072:bebeJQsqiaJnFdHfQoB9bls1YxRz5QZ1y+ymaQfA30KQBhYJXv4M4Mz07ROZH1pH:jh+nf4+tG/vyohq4M4M4gl7T
Score

1^/10
behavioral3 behavioral4
- Target
  
  123/Exlan_setup_v3.1.2.exe
- Size
  
  671.8MB
- MD5
  
  0a3b8862e11a77eefc443c202ecc8336
- SHA1
  
  a388e011c3aa07a45f269a2ebf5b9e1fab235ef4
- SHA256
  
  fe5117d476a540ae72ba713ae4781c2cb9ffa12503b34a527ad3ca7853de4929
- SHA512
  
  2b1aa70e48ca5528d2b8f4583ab9a2f7f203028693bbc768442804808860e3be6adaaf77a442bf2d51b5e4f2bfbe41daf16a93a206a7cc7e8b660091e1fa03f3
- SSDEEP
  
  49152:4NuYWEYKkHFfTvBJEvUf2vtY7uRfbQswUZcSByYGv5uuv/DYi35PB+MTRx2VT4Gt:4NhWqQFfTjEvUfH7ul5ApZdel
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  123/RarExt.dll
- Size
  
  636KB
- MD5
  
  1e86c3bfcc0688bdbe629ed007b184b0
- SHA1
  
  793fada637d0d462e3511af3ffaec26c33248fac
- SHA256
  
  7b08daee81a32f72dbc10c5163b4d10eb48da8bb7920e9253be296774029f4ef
- SHA512
  
  4f8ae58bbf55acb13600217ed0eef09fa5f124682cedd2bfc489d83d921f609b66b0294d8450acb1a85d838adb0e8394dadf5282817dba576571e730704f43ac
- SSDEEP
  
  12288:CheO83S/X2oc1fZy4CArT0pLGbNUnaC7PeUnBd3X3uK:CheOIS/GzfZpopLGbNUL2UnBd3X39
Score

1^/10
behavioral7 behavioral8
- Target
  
  123/psmachine.dll
- Size
  
  250KB
- MD5
  
  a47b9c0e96070d89e9dc65358c81538d
- SHA1
  
  719f2688f1bbb7e65acc9cacf1e50ad461d5ee7a
- SHA256
  
  ea5f4746aa8ccc63d4265d7bf860df53249c284924d824cffd5b11fdd980fa4e
- SHA512
  
  cbf0b4566259d45db48d9643e1a32aefef4dd1b869f79ba6c77096bc0e9f8b351fafa0b4b72c9aaefcea7f0477e7af9e23b7e97858a8d5f422895b2ea4e63300
- SSDEEP
  
  6144:8X2kclmHZ3aTIOOYO5OI4ENxNGEilD/am21:8X2kccHdaTIOOYdgxwE2Q1
Score

5^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral10 behavioral9
- Target
  
  123/psmachine_arm64.dll
- Size
  
  308KB
- MD5
  
  a3639cde0be7bf17849262a3053a8c6c
- SHA1
  
  cd0e1a95c22c7dd4c6133cab634b534af66337fb
- SHA256
  
  f6e957a309fd99abaf67162f3a722943e5fd46d8b69d25dc19f9826f9285e7e3
- SHA512
  
  29ba268708277ccf15950001542dc88470bade56b5b430c7dbea00c6db16cfef96a855c4ada46fed3c3cf9d3eca51509b2b86a8c67975e0c277adafb63ec1c63
- SSDEEP
  
  6144:5NqXt3efkVrto8ikXRubcB2k8ozcJEyor0sMESED/am8:1v6SEqEzy
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

lummadiscoverystealer

behavioral7

behavioral8

behavioral9

discoverypersistenceprivilege_escalation

behavioral10

discoverypersistenceprivilege_escalation

behavioral11

behavioral12