lumma | e1783c551610bce488e95409b7b30020abb19a1f0fdf305883da9de983b6b8dd

General

Target

e1783c551610bce488e95409b7b30020abb19a1f0fdf305883da9de983b6b8dd.zip
Size

3.0MB
Sample

250107-amy46sxlej
MD5

ca44f6d10d96354dc77f736a9fb73710
SHA1

b0660fddb75022f2ec8df8c50c3bfcef6a43f97a
SHA256

e1783c551610bce488e95409b7b30020abb19a1f0fdf305883da9de983b6b8dd
SHA512

e860072f1d20ecbeeb0f13235a3d1ac0562c6915122a163d015e0a905a1a4fc530d651e4d6ae8986c5745a80f9f952109899d71cd952fde7ae463ed487acf5b6
SSDEEP

98304:Oyh8BvaBzaqkZaBoA6uR9a3tOYDFQpcIkMyWyp:OyWha0ZCgD9bvDM+

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

- Target
  
  ChatGPT-5 Version 2024 .exe
- Size
  
  646KB
- MD5
  
  07feca81b29907ce6550288a7d2b8821
- SHA1
  
  6252d362fe96293254a1f284a95355440a2dc2cc
- SHA256
  
  eb28c83590f742bb8a12d01f4692421786b6a04dcf9fcc31df93de6d0068b717
- SHA512
  
  add0f86c572a83d4d2baa8a3d79db1ce321ae846aa02afe559abc91da0bd8ca6bd3969f4e75372ea606057436fc5e3353c71d23feef843340c41be9d0b72d800
- SSDEEP
  
  12288:J4CD99jUhaQS/Aby46x4YFFR5WQ/Ee4vbDAt8G+DiBezmm72kiz5iIrSEO:Osbkaqx6xDR5BEe4X2jnBeKPIt
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  NL7Data0404.dll
- Size
  
  2.2MB
- MD5
  
  81b14fd1c9d2b830e55c93c4c38afa2f
- SHA1
  
  975bef050d9e8d2ee577e1b4db5dd6e2d67bff20
- SHA256
  
  878e2dbac4b6a6bcce54742f3c7bfd87aa93a6637cccc1e5d18ab65215d81bee
- SHA512
  
  16bcd415ca4cfc8813d990a304723a87122eede56a4f2c84b8fac91ccb0d5fd9c2db413358eecf145c1faad5b74f16b516a3c5e12f977bbca0cb6f66cc73d3ec
- SSDEEP
  
  24576:WckkkkkkHxKjbNX7UtOGwu1fg5tXVD539swzYNefx+Pff5pn3DXBdVjtxv/Ui:WeKYtOGwu1fg5FtJ9nMX5bL9z
Score

1^/10
behavioral3 behavioral4
- Target
  
  NL7Models0804.dll
- Size
  
  2.8MB
- MD5
  
  65525c7b89204d241120b7638934a0d2
- SHA1
  
  c7b20986b1c5cb76896d0fca167e02f6cbfb1fcf
- SHA256
  
  18f7f52f14986133f9a9676d5ab959349377a53c0936cea6eb9880e72f85bc54
- SHA512
  
  0e5c920a4c2b197b890a59bd56e54a49cf7167407aa2d1381abe5e2afaa646aa8524d145616ee370a4f95e0069baccff0ff616e60f598d47d2ce817f23f47fa1
- SSDEEP
  
  49152:uoUhaa1DcUEtVYi/WixQrZ/t6BvQZAbuW8X0VbBftuIIDyzwjWV2xK+RE30Y:Shaa1IXaJybnwG2xK2Y
Score

1^/10
behavioral5 behavioral6
- Target
  
  NlsData004a.dll
- Size
  
  3.1MB
- MD5
  
  be007b645b9d1332e3346107727320d9
- SHA1
  
  0717c6fea33ddd04b9f032039d23c66efd5e5f76
- SHA256
  
  7b128be8d77398cbc3bb789a34e21afc984c2e87276907a01326f8fb4504e9da
- SHA512
  
  8e205aaf5ef8a1e5259634ff51b1e0da8bf35ace547e01de05a02dd0ad55ef7a46329737ba062556c195ba0ef6e3722ea144752f0aa8330c440dac38b2653f82
- SSDEEP
  
  24576:oJEJNe9wndvrpof5UUv6ujcqJByewHXqQpiPlJKaTsO0KwRB3Q/CDuCF:k9CNofaXXqQpTawO0KwRB3Q/Au
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Drops startup file

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8