General

  • Target

    8fe8c95e04bf9695be3d2afd23a6e939dacd669b1e2f100aa23e23f60031d85a.zip

  • Size

    1.6MB

  • Sample

    250107-ackh2atre1

  • MD5

    1f890591db6d66db9b63efcc62e4d5e9

  • SHA1

    e455577d2f6713034bcd4eeb5744eb188e95bd30

  • SHA256

    8fe8c95e04bf9695be3d2afd23a6e939dacd669b1e2f100aa23e23f60031d85a

  • SHA512

    fc1e75c1df0422dda6f14343f9ea7c232f662ccead0d00dc9ad4dab37b19454b8b1951a1efb28a561da504da5ec94e38a2205a0363fd772f51058bb0888b0009

  • SSDEEP

    24576:8r5ysbUFfcjpj5lsngwGq4gMq1EfR8t+h6md3Dca5Ocpd4+6:81tWktVvwGqtMEEZ82Z3Dcac66+6

Score
10/10

Malware Config

Extracted

Family

lumma

C2

Targets

    • Target

      Loader/Loader.exe

    • Size

      150.0MB

    • MD5

      0c37c1712e8d6b14d145ca40e7ef4b11

    • SHA1

      6917c8d195f4cc17f6839321f7091e3b1e286583

    • SHA256

      74dd62ff76ede7ddf86f0c65d61b3e3690420dbd84515004033fd18a4e4b204d

    • SHA512

      faf44f973437fbb0ed7983775ae7fdcac5f1d0447a89a1e66bf85cabbca945aaeb214e9cc66dc20e00c76e6ccbb5de4b619c48ba2054a1c27ad0ad38cd1ff1b9

    • SSDEEP

      24576:4Fcggjpj5jsFgiG24guqBgFb8t+xsMdBDc6TWiXdM:nttVPiG2tuegF8EXBDc6SMe

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • Target

      Loader/dmxmlhelputils.dll

    • Size

      259B

    • MD5

      9abd95d760a752257bcb7f5ee3c14008

    • SHA1

      29c4a0b474ef189b2f6a267d560b103ab5f4b323

    • SHA256

      d9050e97477cfe7be44992a505c2cdad8f0f43a3c0bf0e1e1a3d1f175d92ac51

    • SHA512

      f39a345e695d42d81a35b71923da8dd1907a0c48da24f580a102600fb72bcf259ee817414e736d67b0f1196dae0610a00926b1aa94640171e6f5cf09b6830da7

    Score
    1/10

    • Target

      Loader/likodi/NotificationController.dll.mui

    • Size

      4KB

    • MD5

      5a940db75a80c7571cc221cf3870ef78

    • SHA1

      203ac94c768a8916ce70f6db7ada481185c06eaf

    • SHA256

      d3e15411a49c52b69d00ea4c32a3eba6eadb26da7b7f294e90c75aa7d33f210f

    • SHA512

      ec639abf80a633f3fa1a848d2236ca8cf28d45a5a0af85df6c3273f05fcb6db2fe6afbc057761c07234ca3f9b619866697dd357d155ab5df8e1687267ecc7099

    Score
    1/10

    • Target

      Loader/samlib.dll

    • Size

      9KB

    • MD5

      f3078d7cbe7d330f06c51dc177f58e6f

    • SHA1

      bb191e939d938b6fd9145473b4fb16cd48e33595

    • SHA256

      83b293af5ae8fa2f226dc86c4b9aeb5f6af41880eb72c55c895c2ab445b0bbd9

    • SHA512

      1749bbc37baa46aa95a883029ac52a366fbbe26963ac38e34dc5f6eca150a6a6158f8657543d4ecef59dae3570180bf472c981b1473c98be9c570b42aab0e897

    • SSDEEP

      192:xxoFkSrGiZ3P621D3xjzAS9CNnGhk8YGCPQp+7FTQgl7OQHQF2T:xxofVZ3T9jkS9ClwkvGsDppl3wET

    Score
    1/10

    • Target

      Loader/wdi.dll

    • Size

      86KB

    • MD5

      7d326b235ab064ff70376f1d015cc084

    • SHA1

      3b394e93ef206d30fafbf3202a5a63a4b6667580

    • SHA256

      404dda0bdf9a6c1c61653cf7e965f504b3a3a3b662f88c906aaa19a9c3df160c

    • SHA512

      f33face04507edd462b40dfd0771da3f241374c99fc956def9678a05c15bf5f8c945579006ab250646120a7f983fe4a57b55c93bdf921142f6464bc74fee2347

    • SSDEEP

      1536:2xg+XurUE+dlamMsyhirFoNZ5MtDPQEInpF6qbTyuVKiRoTnd5Zatd2nZXBjVym4:2x5XXdMTsyhirFoNZ5MtDIBpFtvLASoy

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks