General
Target: 12fc06a5be478bd7c50a43ed8f0752ea.bin
Size: 1.2MB
Sample: 250107-bc8fjawpft
MD5: ea2ebdd0b9f97044a87d31d97c421246
SHA1: 3acbefc3b53e8410c0380dc677484f985a521ba1
SHA256: 559c168d6e1f07d746115df2438dca8ecda29ef1cb7731b7d7a092be6124d839
SHA512: 23320464c01df8030eaaff31f5bd3b71e62d3af43d3656a10078ae1db3ebe1b4b23ff95f1aebcedb25714a9b63b4cfdc99120ad36e7d9645ac343c066093db2c
SSDEEP: 24576:geahM5FEA3KURPO0ZUvcatfoTRK+JMZuSYj/FsqWufw8e/KdEAgscOw:geahIzKU4AUQTRK4yQ/GqrIydEbOw
Static task: static1
Behavioral task: behavioral1
Sample: 2f02e100e26ddc58ee26a2f4e7f6116f79405cd7baba4c69abd799a119a836d0.exe
Resource: win7-20240903-en
Malware Config
Extracted family: lumma
Targets
Target: 2f02e100e26ddc58ee26a2f4e7f6116f79405cd7baba4c69abd799a119a836d0.exe
Size: 1.3MB
MD5: 12fc06a5be478bd7c50a43ed8f0752ea
SHA1: db3375bbff1e505e058c7f4c2d9d9231a3361149
SHA256: 2f02e100e26ddc58ee26a2f4e7f6116f79405cd7baba4c69abd799a119a836d0
SHA512: 81e033dadf5fe2447b347d6271189c8e8a5bf036c1926c43bac0421845c34fd75fdd97ab8f93c9804e8f4b9fbf9d9977485ba27a835bb74a5b4b82da48bd7d13
SSDEEP: 24576:q8kFazOV+NtfVngALFlitdnDyVgmAUo/T4Xg+Iv:2FGk+NtNTvi747ASVi
Signatures
Lumma family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (1)
Subvert Trust Controls (1)
Install Root Certificate (1)