lumma | 20b27b89797acc64cf602900667eecf81148a77938af21f6c0c10fcf96527e61

Sharing

Copy URL

Twitter E-mail

General

Target

20b27b89797acc64cf602900667eecf81148a77938af21f6c0c10fcf96527e61.zip
Size

1.9MB
Sample

250107-acbk5atqg1
MD5

10127e003d2e84bdb20a74dd0d1a60ad
SHA1

46b1ba73b9243949912b086e130ec94c98ae1ef9
SHA256

20b27b89797acc64cf602900667eecf81148a77938af21f6c0c10fcf96527e61
SHA512

b8b5e32407f62695939e4181b516634b756b99ae2f3d3734705b7d91dee38f1c9767007fa01abf866668eed88268b1c7dc580f8a16f6d0c73ef6d6a4b3eb996a
SSDEEP

49152:OqyroSjqpZgeQ8ntZTbzcjRJ+Kyrrg61n8u4Ui3i:OqyrXOpZi8bk+FrgaaS

Score

10^/10

Malware Config

Extracted

Family

lumma

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

Targets

- Target
  
  AXE8SharedExpat.dll
- Size
  
  165KB
- MD5
  
  c8c0cd5ae41f0ca14b008d1d367fc438
- SHA1
  
  ea249f15b6cb7bd34c2b164a9a7de9d53faae579
- SHA256
  
  85a6260a81c8fbc3897ae84199b0c19ad52c1aa20eccd16bc1bff87ab4232f0e
- SHA512
  
  e3b4c2727a013a9e546926db9c8719fff02c99c5e37aabaf2d5e781e0c413e4ec5373518d5222b27a9d40055a09126ccd14188ad8eea57825197b794db974862
- SSDEEP
  
  3072:b3In6yKGHS4tcdKwmcOTw1hOqLKpJzadzwxxYBcdgtqveBTg4vRPzr4zvRgJk:Mn6yxS4tcdKVw1iB8Axr2qK4S
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  AdobeSync.exe
- Size
  
  1.2MB
- MD5
  
  f778e9136ab0db9de9802a7043de50a7
- SHA1
  
  850dca074534a14fdb9ada6afaceea88558764e0
- SHA256
  
  90803a583e9f693de5e7b8a196832436f6f648b27fb82e55904c256f30cc8b3a
- SHA512
  
  cd6c5c3537f05ad5826d503e38b8e6ef2eaf668616bec15ba51ad3d81e0337a72779d7ca6af9e8ebee12d713891b30c0b73bf34718552bc9f4e7d8909b998156
- SSDEEP
  
  24576:+heavSigvk0vhkzswHD4/V3OQdnYKYc4wXUyuy1:qP710vezrj4dJYFYUyuy1
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  BIB.dll
- Size
  
  107KB
- MD5
  
  759d71fc9442ab5a9b5749c0f6c0c263
- SHA1
  
  07a68c6922d443eb9d6d445da18ae8a6d92f7ac6
- SHA256
  
  109647f58e7e8386a4c025f2c8175a4d638e5c0e62768953390764010ea22a2e
- SHA512
  
  e3efe66c76ea81285ba01b1978fdb3e807eb0bf2cfe0373bb6fef06f2fd7d9ddc3269acf0d87517cbf9bea5fa09b2703a03792491dc8265d26b724d7dca106c7
- SSDEEP
  
  3072:FeQixAO/A/0VSaGHvP5GeBTEpP2t31VrxrcZ0KOKbfQp:uKO+0VSnKOKbop
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  msvcp90.dll
- Size
  
  557KB
- MD5
  
  90a32d8e07f7fb3d102eab1da28f0723
- SHA1
  
  0903911bbb5d00f68ba51895fa898b38a5453ded
- SHA256
  
  004ed24507dc7307cec1a3732fa57eabf19e918c3e1b54561e6cc01f554c0b77
- SHA512
  
  2c69586d5c5d2b4b5decf2bf479554c3d0ff5f5a6fbacb01b8583ea8d96d0ae9c850c30a0d43eb2ad1116be901578d15fe08fce3e505440c854082c208a79f1a
- SSDEEP
  
  12288:BpFE340h3e34GVZQACkIPYhUgiW6QR7t5183Ooc8SHkC2eLgAfO:Bph0h3e3vgzPA83Ooc8SHkC2eLgAfO
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  msvcr90.dll
- Size
  
  638KB
- MD5
  
  11d49148a302de4104ded6a92b78b0ed
- SHA1
  
  fd58a091b39ed52611ade20a782ef58ac33012af
- SHA256
  
  ceb0947d898bc2a55a50f092f5ed3f7be64ac1cd4661022eefd3edd4029213b0
- SHA512
  
  fdc43b3ee38f7beb2375c953a29db8bcf66b73b78ccc04b147e26108f3b650c0a431b276853bb8e08167d34a8cc9c6b7918daef9ebc0a4833b1534c5afac75e4
- SSDEEP
  
  12288:5hr4UC+Ju/A0BI4yWkoGKJwZ9axKmhYTMAO7wFKjCUmRyyPe:9JfyZFGKJjxKmhSMAB6CUmRyyPe
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  sqlite.dll
- Size
  
  243KB
- MD5
  
  596439b3a9f9ea44ff28e2974f69ab07
- SHA1
  
  a2074cd3d39045902f82a072455420ab7101a036
- SHA256
  
  8cc91d57d45b46b3439eaa017bf1deb8e177f15245ba6f18ebcf2bd0a173a4f3
- SHA512
  
  1de8d41fec0844999b88c0cb738aac71c0ae895a51e91f6465afaa864537e692e4576e6699b4976e62aa2c38ef9125d9aaf09a72acaa068a0c2b05d413af858a
- SSDEEP
  
  6144:hiDoxpdJLEfunorfdoU9nxGIndwR7j0E3/AE6u6J:QDApalrGIdwR7jZ3/B6/J
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12