lumma | 15c94a9aac3e94d74405de20f08f571585212c928cb2e88394540b875183d90e | Triage

Sharing

General

Target

15c94a9aac3e94d74405de20f08f571585212c928cb2e88394540b875183d90e.zip
Size

4.7MB
Sample

250107-aclq4awpap
MD5

80604b2f36f440e5e332ac7b4063cbf0
SHA1

a306467e996ab308f809d7a7d709d069e9ef2ec3
SHA256

15c94a9aac3e94d74405de20f08f571585212c928cb2e88394540b875183d90e
SHA512

4cdbdfc2564f2ca91766268eeb61d9ed8cf73e65e21d2b678caaed987b8f202133d8ba3b2617df10fbf4c5481c83a9dfa7cc5970b16b9fd31d1a70339ee2bf03
SSDEEP

98304:i17G6ETaSKLl0mstta9j/VWBi37t3MTHGw0+Dj0bwfEp2kUun0TO0:P6ETfoSmIta/AQ60bUEp/UU0

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

Targets

- Target
  
  15c94a9aac3e94d74405de20f08f571585212c928cb2e88394540b875183d90e.zip
- Size
  
  4.7MB
- MD5
  
  80604b2f36f440e5e332ac7b4063cbf0
- SHA1
  
  a306467e996ab308f809d7a7d709d069e9ef2ec3
- SHA256
  
  15c94a9aac3e94d74405de20f08f571585212c928cb2e88394540b875183d90e
- SHA512
  
  4cdbdfc2564f2ca91766268eeb61d9ed8cf73e65e21d2b678caaed987b8f202133d8ba3b2617df10fbf4c5481c83a9dfa7cc5970b16b9fd31d1a70339ee2bf03
- SSDEEP
  
  98304:i17G6ETaSKLl0mstta9j/VWBi37t3MTHGw0+Dj0bwfEp2kUun0TO0:P6ETfoSmIta/AQ60bUEp/UU0
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer