lumma | b782dae2d00f935788f0714d0e337fcb2fa600318797d1beb19ab375d2f1d4b5

General

Target

Software v1.24 loader.zip
Size

357KB
Sample

250107-pxzwsatlan
MD5

6a74be808f6690435438cd87c7e9f83a
SHA1

6fb19ecb1ddb4ed74073f5f52067d7d06931ee9f
SHA256

b782dae2d00f935788f0714d0e337fcb2fa600318797d1beb19ab375d2f1d4b5
SHA512

3d92bf1367360d3251af21a21a965a9df2f64b64f88396ea5b15d08f17d29394575f3f129102f4f95d68d6d43814f24b71332c4d62fbe965280615118a65b7c4
SSDEEP

6144:0rP8n67fkst4Bke9NCzKxDG7HRQbnlhePIP11ATwg/nEkhB2CCUuHiQ9p:u9ftLlzRQBYMAP/EOA1iQ9p

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

- Target
  
  Software v1.24 loader.exe
- Size
  
  358KB
- MD5
  
  1823de12344b81e105789735a943930f
- SHA1
  
  a56cda80deda56bf74d9529e1726bbd21d04b901
- SHA256
  
  56e899e77fb35360261e78bf32ebb8fdf9bb6ed91226ccb4bc5debc3bde03b89
- SHA512
  
  ccd33be3b33368e3f6be146f826dbe0fe2521c20b9d4a40faac6bddd2a7df01871bea9a9c8bf8ba98b672ff0a2b0dfb68689401c148f3f396af232b57a6cd88a
- SSDEEP
  
  6144:UxaP9gTq/3UXdY4TIYegMEgTR9xj20wsSQ87Ar88Hn3ggBaIA+hMwibOPk:UIPKTq/EtYmRegOw0wsnO2n6+hnRPk
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  lib/settings/admin-settings.js
- Size
  
  5KB
- MD5
  
  544017596217df360366ca2432976191
- SHA1
  
  1d75a2aa98b1856b77d85765197a1909063dab8a
- SHA256
  
  53589eba7e835cb3de9240fb4326f5b73290d3e26a1096e20628e199dee1d4f5
- SHA512
  
  e64b000808feebeb3de95d8c2190338464a438163977c1400f030532e433a604b77a10736ea01fd0a0464e6c3f105c19ed2623f28067361ec381cd4437027abb
- SSDEEP
  
  96:g+FWCHOGty3ZCxR3OGSz4vgPyUybLvlcpZFN//mGnCeouRvH0uiWbq6:gYWCu138xVOhz5qU8L9cpZFN//mACeld
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  lib/settings/tpl/settings.php
- Size
  
  2KB
- MD5
  
  c29bf1f9213c4be3a3cb0fd5c11acb84
- SHA1
  
  b84bef0340f77f94ad8a87e5e7ef66bdeb4d5f8b
- SHA256
  
  463f4847d8b053179969b613f2f2a49cd9745e24ffe32d5be0bc7333f13ba83a
- SHA512
  
  5e301cf3ade24bdfac99b846c2e530f033a8c43cc71a672a349e1c11074fc3fcb746ee23d5b26800dc95dded0b562db01424da1bd4e8173c1fbd108782f1f7e0
Score

6^/10

execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral5 behavioral6