lumma | b84757f61afe1e60e646e29163c32db9c4ca4317f52b2e0382f3f0a740677c57

Sharing

Copy URL

Twitter E-mail

General

Target

Setupv2.5.1.zip
Size

11.3MB
Sample

250107-syq7taxjev
MD5

fb713cd74363ef0b0286eb324366a9a3
SHA1

ea60b2584670603dc2f636ce63f6d89067058bb1
SHA256

b84757f61afe1e60e646e29163c32db9c4ca4317f52b2e0382f3f0a740677c57
SHA512

61df7b381911976e338ab28a840e726a81c78fb5a90442dbe2fa1f0246d1baab6e1347f6d25219eff6c8f210b151063e063b35df40d956ac1bee43dca300402c
SSDEEP

196608:6VeNNPpzsmrE2ThOuylSnmy4Q7ThGYscCn5YV7MBe6qA816z0g1l0IlFAass0pMM:6wHzsmlyknmO7TqcC5YVgY4zB0IlFUCM

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

- Target
  
  Setup/Setup.exe
- Size
  
  359KB
- MD5
  
  17d02595a638c89749b2d8708e5a4cbf
- SHA1
  
  fbd95dff2f70c9ce2d6a4f97e035caf3401359b5
- SHA256
  
  3bc2ca18afed111109f54238d9515005e8c7c96397f17fd4759bf75c9bbe9825
- SHA512
  
  5ba7e5f113da0c4220ff85769ace56a3d5b61d5fce8cf929b1003bbef9b107de184467d4c7042596c4ccbde8725d44240ba0083b929c78aecc954f07b5393e95
- SSDEEP
  
  6144:tx6TG9JJVqzWnnTld7hIt1XaX3+TJuJ8j/d+or3KYtS7OA+eXr+mqW+:tQT4bnTS3Xa+lqiFBXtSyA+e7wZ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Setup/data/app.so
- Size
  
  6.1MB
- MD5
  
  34b3f1fc6a26b781df8d006ed4bf2156
- SHA1
  
  bd599e403d353d536c44af14377dffd87b205d2c
- SHA256
  
  228e15f93e1e59780a07000d26d5a9ddf2350114c6a3896084e6e486cb7d72bd
- SHA512
  
  49fc8d2bb0aa1c9d40d772c7ed8560ad1250cc7ab98b03a0f275870ead4326e05adf36265b12ff6017d25cd5b7bb1eb6301ff6ab9bc6b94be4dad0d63d4de249
- SSDEEP
  
  49152:9qD7vtxrU9vQp+9jdHWoXZd8CGFGZHncYJZqRWBjoDPc4U2H+ZPBTSIkL4KR8yRE:Y9xrUNdddx0cn/ZPBTS+uBhiQcl
Score

1^/10
behavioral3
- Target
  
  Setup/desktop_drop_plugin.dll
- Size
  
  82KB
- MD5
  
  008b490f0cf4411d86af75cdab2614a0
- SHA1
  
  831f6314958f3d454fd4c3ed72acd2b165f95ea9
- SHA256
  
  3c4bef09c0ac7550cd09dae02395221193b84c092d6797df62b5a8c42b05eb53
- SHA512
  
  b26d8da0e7ffcf2aa5c31dd772652c91206b9e5e91b9ba9e46a23b00c03f18a65dda20e65ddef83926a58c6fc9175cdb4849422b013bf072a7537105b85c00a9
- SSDEEP
  
  1536:iDUrzRtRGWkUIBH6lQiJeoxOsI3+JX37gSZry9unXPl1zvtHasef:Ie17PyBalQiz7I3UfZry9WXPl1zvtHar
Score

1^/10
behavioral4 behavioral5
- Target
  
  Setup/flutter_windows.dll
- Size
  
  17.4MB
- MD5
  
  f463e867e57aab7008ae21e059ef4de0
- SHA1
  
  02446e92d79e7ae35a88d0886e22e651f69705c8
- SHA256
  
  21df45a0d9dde445a28d6d6cacaae288c1262117f02496ee45d80254970dec0c
- SHA512
  
  aebc8f0bfcf518744b3a9da9c1d7afbe2d1bea71486a32caa2d2d92a43fe51ee3519629d8fd4c499fd6f387508fce484578e8bedd74ca6ef0b026b697a3f23a4
- SSDEEP
  
  98304:/1n13BAmZtFJpLs2kWCgz/kVq/JnMZ/4v7Wz8xwvKZzmpiUbALORuJwkRlwXYCqO:N7N6gz/MqU9mOkPqYlMe
Score

1^/10
behavioral6 behavioral7
- Target
  
  Setup/url_launcher_windows_plugin.dll
- Size
  
  87KB
- MD5
  
  c2af71450e91dd8a4e51f9ed7d46389a
- SHA1
  
  9f77f5ac122f3542ae21d5d5dc3140332126cd89
- SHA256
  
  75b1ed5a898cbf75a6d82cb1a472c1cca62b0d2af20aadee75b54902a68559ba
- SHA512
  
  d0afa36012d4bdb121f7104d0c27e2e7703e0f99bf3bcf5aa71369c8302a62b530b0104443b298d91c2ffc89b8f7bd9a88646ba8c9e27368301ad035cc6e409a
- SSDEEP
  
  1536:l+cejicYQ47D/mjixM7Hwthvi4Pi+lU6odm7VNVuahZhQedgE08y8E9s97VmociZ:l+L47jmqM7khvic1odm7VNVuahZhQedR
Score

1^/10
behavioral8 behavioral9
- Target
  
  Setup/window_size_plugin.dll
- Size
  
  92KB
- MD5
  
  124ed53c398419c6050d94eccec83199
- SHA1
  
  6bb901d63626bf2803a89e9916ed688edc8b79ec
- SHA256
  
  dea9beeb3638ea0e2c265ad4b35359b34fb2530af2156d78af5f97ecb44f4cec
- SHA512
  
  6deb722f96bc0507e38fcbd0ed00079f9032931bf8cbdd40407768f18ff95626e11d907f87a56da5009a2f15456a43f72593d5d68059fa89c2a296515f1405ba
- SSDEEP
  
  1536:CQzyvG8Y1eHMH1lPkOrCZOikfxn4xq9JafOEAnd/PqaqMYW4A:Hb1eHMHvxWZOia4xqrSOEAnd/PqaqMYu
Score

1^/10
behavioral10 behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

.NET Reactor proctector

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11