lumma | d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a

Analysis

max time kernel
12s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
07-01-2025 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a.exe
Size

651KB
MD5

48df1349522495797220fdbca34d842b
SHA1

c1de44d4930c7585d941ebe1ac753c60a1bb11c2
SHA256

d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a
SHA512

7efa857c1ab4e76de4022a86d412a0555c663c92c98d4f61e70681690436fac03156bc295a855754218bf227c17d33678c795ab99597c6801848082ff957f81c
SSDEEP

12288:ReIdvFSLpJQBr8JJXindgAP1LbyxEac64p9y:RLdAt6DndgAP1sEa2

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://spellshagey.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Loads dropped DLL 1 IoCs

pid	Process
2384	d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a.exe

C:\Users\Admin\AppData\Local\Temp\d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a.exe
"C:\Users\Admin\AppData\Local\Temp\d7f82fb48a1f96d0ab9a36fb14331ed1a618e980872830a865a08ae3f4a2d51a.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
639KB

MD5
7bf927e07b2b49df3aad1dbeebbc0120

SHA1
2cf1d3b22690e7973bc2003e5139a7366a9b2221

SHA256
6583b1b6ba5e7154f77771879c485ec189b81bef9ce49546ad0e2b731d2dd691

SHA512
652e0e1560e98eac65307febeed296d22bdaadde96f70e7e0da1412a082aa41917e2dbf54c7cd7cb328e2ab5ba41b85eb81df3b14812f06adb9d7958885d00be

Download Submit
memory/2384-0-0x000000007497E000-0x000000007497F000-memory.dmp

Filesize
4KB

Download
memory/2384-1-0x0000000000DA0000-0x0000000000E48000-memory.dmp

Filesize
672KB

Download
memory/2384-6-0x0000000074970000-0x000000007505E000-memory.dmp

Filesize
6.9MB

Download