lumma | 95cd2e94c29d862fd16c2cc19b0916784cf9ab2b93c7b9d816d34fe22ee239f7 | Triage

Sharing

General

Target

run.ps1
Size

43B
Sample

250107-fwrz4swjgx
MD5

cefc1c3285ecac3a02ccbc8e0cebb558
SHA1

7c2b049342ccd09474fcf8306c28c7d162c6d9b1
SHA256

95cd2e94c29d862fd16c2cc19b0916784cf9ab2b93c7b9d816d34fe22ee239f7
SHA512

b4a4dd60d8518e7629c6e5674d4cf185f7ce250f73dcfe110433d19933f2572bb814e54f234709a8d045f7c37a75298a36d537406c4002e4c0bb626c90eb22fc

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://simplerwebs.space/anrek.mp4

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://klipdiheqoe.shop/ruwkl.png

Extracted

Language

hta

Source

URLs

hta.dropper

https://simplerwebs.space/anrek.mp4

Extracted

Family

lumma

C2

https://grooveoiy.cyou/api

Targets

- Target
  
  run.ps1
- Size
  
  43B
- MD5
  
  cefc1c3285ecac3a02ccbc8e0cebb558
- SHA1
  
  7c2b049342ccd09474fcf8306c28c7d162c6d9b1
- SHA256
  
  95cd2e94c29d862fd16c2cc19b0916784cf9ab2b93c7b9d816d34fe22ee239f7
- SHA512
  
  b4a4dd60d8518e7629c6e5674d4cf185f7ce250f73dcfe110433d19933f2572bb814e54f234709a8d045f7c37a75298a36d537406c4002e4c0bb626c90eb22fc
Score

10^/10

discovery execution lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

lummadiscoveryexecutionstealer