lumma | aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f | Triage

Sharing

General

Target

aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f.zip
Size

4.2MB
Sample

250107-ahql8sxjhr
MD5

93a70c58cbc42d4362fd4cc206d5a35e
SHA1

f769777dec440d5e8900927b42d6c4232d6d58b7
SHA256

aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f
SHA512

db54faa43d5fc83f7160edbda953ba763080f499d8ce20cc0502a357a564d1be60dc44ece4425f5ddfc0d4ce6e47cf5b7e79bf1dfa680ea98cf728191df28a23
SSDEEP

98304:Fn3X3JlbT6t/B7ALNsrYr82OvJ2p9TSNV1+jjz:B3X33bT6dB76NsrYFcw+o

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

- Target
  
  aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f.zip
- Size
  
  4.2MB
- MD5
  
  93a70c58cbc42d4362fd4cc206d5a35e
- SHA1
  
  f769777dec440d5e8900927b42d6c4232d6d58b7
- SHA256
  
  aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f
- SHA512
  
  db54faa43d5fc83f7160edbda953ba763080f499d8ce20cc0502a357a564d1be60dc44ece4425f5ddfc0d4ce6e47cf5b7e79bf1dfa680ea98cf728191df28a23
- SSDEEP
  
  98304:Fn3X3JlbT6t/B7ALNsrYr82OvJ2p9TSNV1+jjz:B3X33bT6dB76NsrYFcw+o
Score

10^/10

lumma discovery persistence privilege_escalation stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverypersistenceprivilege_escalationstealer

behavioral2

lummadiscoverypersistenceprivilege_escalationstealer