lumma | a1b299a6387390b2dc92c6831c00a34d0516bb73fa30ac63fa5a87381a34e00e | Triage

Sharing

General

Target

a1b299a6387390b2dc92c6831c00a34d0516bb73fa30ac63fa5a87381a34e00e.zip
Size

1.4MB
Sample

250107-achpfawngp
MD5

17d982ea0869488ade000bf0525a1f47
SHA1

533de4cdc250b133268f64ed05a77f63fe7701ce
SHA256

a1b299a6387390b2dc92c6831c00a34d0516bb73fa30ac63fa5a87381a34e00e
SHA512

9bc16bfe4e25d5377a31eeb3d55e6d3a978301e3e2b9a4c1b472bdde1f17e98df4299d70e398a557f4de633057e4bd652b5056f429b17edfa2c7f22a80d486a5
SSDEEP

24576:Z+Rpy/UWUXxA3Y5yKBv+/NSR+EMQp6BIb6DYhcDNxDqtPbSg7JTsYC3kg1vdS:Zy4/UWWxA3Kyd/wR85I28CPDAPbSMJTT

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  685.0MB
- MD5
  
  daec90546d38415dc7b8261fc7061d5f
- SHA1
  
  91d2740295571d9f4b20966bc72b0c921ca74021
- SHA256
  
  0c4f831e8eeb2536a313db487f7e5fbb3807daaeab8d493ff151f85c0977d7d6
- SHA512
  
  9a23a62cc4d8039fab66728cc3c52cb41e4eb45f61d79e8b5e7e8470293e5a780bdc994518d64a3169e5d11566f12874715dc012b531a8087582b0fce2aec83d
- SSDEEP
  
  24576:tq/Ab3dWy7fZn2AIgQYKMv2/by8g/TD6ohMtzfDlxyHG846vZntUdSv8eKh/kcO:E/edb7fJfaOTD6ohkD/aHmeS/kR
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer