lumma | 1b62a4592b4279298ed57f746b7da2c32e4cd714c8a38f0b803617958e945a62

Sharing

Copy URL

Twitter E-mail

General

Target

Nexol.rar
Size

2.4MB
Sample

250107-w1hj8svkap
MD5

e0fa6985ee5659e9765a991f02790897
SHA1

5e61e3014323936af49ac097219fbe4258bee733
SHA256

1b62a4592b4279298ed57f746b7da2c32e4cd714c8a38f0b803617958e945a62
SHA512

1cb41a95ee5c89e80d856baa06083e986f69abefd935c5ee28eef924ccb7ce4e4a0b3651361161cfcc86a023059298621cd6db45b85220a86b061867a7d4a497
SSDEEP

49152:YQ6hPtpCKRhXdlvHNJR1uF/Wy4fV31V8oIZWuXqOYpb0XLhgh9Sn:cPtbRJfd1U/4NupObdXSn

Score

10^/10

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

- Target
  
  Nexol/Nexol.exe
- Size
  
  350KB
- MD5
  
  3b74f9fa57267f104cad29ae462c591a
- SHA1
  
  468d086a35fad0dfbe5ced669a559581f100c087
- SHA256
  
  440eb5deff4296eebe9809934b459070125736a3cfb59f989642f7bd15a3ed67
- SHA512
  
  dd2eb4e843918d520ff81fb9dff4977fba84d71b05ae0418f11e87b441ba811940a2beea35925cf4b0ecc3be2d24e7e029a1d4ff44c782b53a60a77c9de10324
- SSDEEP
  
  6144:CBx0zkVHADVXoPbchIpRKenbVF4r9b/E3FU2GuN6dmlBYpm0ZWRifY3:C/0jK4hIvKprp/aGi6ckhWX3
Score

10^/10

lumma defense_evasion discovery execution stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Downloads MZ/PE file
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  Nexol/Quadv.dll
- Size
  
  547KB
- MD5
  
  9591405073c6460e382343c75de477e3
- SHA1
  
  32d73c95f3a6f5470230dd21800de592c06d906a
- SHA256
  
  952dc4888a39c7ae027b323345996ff163af787e71103af323588df74be01f23
- SHA512
  
  d7cf6df8eea6128447ebd99a9c4c5823b0ae1919dfd30bb63bdaa277eb7e1a7226b0bb2da675b790cb4b6cc4262c26094a96c34b3d257439a02c80b5db0f7138
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNu:s
Score

1^/10
behavioral2
- Target
  
  Nexol/Xheu.dll
- Size
  
  86KB
- MD5
  
  e20f47fc6b9c5223478b583a73e58544
- SHA1
  
  28a793d431dec8a637cba226b76f96b05f38c719
- SHA256
  
  5b8835142581306c013b00c1989263e4db3f2f9940755d0a178af443393219c4
- SHA512
  
  523c32b289cd836894603efc6a3a7430df79ebd42f26e603cc72e2129eec003e575a34bfb5896b6a03c10e789b27ff9e76553f17773ecab972cc23cfcc12bfcb
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNF:Bdh411I
Score

1^/10
behavioral3
- Target
  
  Nexol/aah32.dll
- Size
  
  551KB
- MD5
  
  b0739745e782946a0dae3c0026e24d32
- SHA1
  
  702e88c1d3b23000db64028d688cda310d79d70b
- SHA256
  
  68810e83425efae5727d3ccf2aa0fcf82f571cd756c48c89869a55d952936bf6
- SHA512
  
  9390ff73c37db63721d957c59bbf46d198ca7fdc2246c340b735fab3c82bad33c3c757f466da89d1cbfc64ef43c543495499dc8036d43d1e477d0fc4f6cc9fa6
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNB:n
Score

1^/10
behavioral4
- Target
  
  Nexol/inject.dll
- Size
  
  153KB
- MD5
  
  b9845d2018ad4752641a4de3af749fc6
- SHA1
  
  d0c7ac1b38d43f2cd462cfff36dfe41d3af63057
- SHA256
  
  93af58358d1fb0b3faf592375dc1826caf172544223e8ce2ee4e63a4f6ee46b5
- SHA512
  
  56f2b98a2e9a31c25e6a5e32037997e888c51d4b20d04b9a8eb52a5db825af82b643a06919ea918829a8d9dd80dfc5cb000c77617e753610d7e66b6d6d32ea73
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNx:dx
Score

1^/10
behavioral5
- Target
  
  Nexol/version.dll
- Size
  
  183KB
- MD5
  
  6d7f976b644410f6251697469e25af61
- SHA1
  
  faa26974833529f162cde7273405bcc6a945a9b6
- SHA256
  
  bb83eb8a0ae75c425f6ec72af554e5f8158eb4ffa0a898e26b564fc0217c8ae5
- SHA512
  
  e160464239b42bdaade8a50e762e233053627c67bccd435c8431aff5efed36945f5524b5e1e56821625ff71456eb5b640ace959aa728d0cf186c1c91a7cf39d7
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNB:n
Score

1^/10
behavioral6
- Target
  
  Nexol/x64/Vsg32.dll
- Size
  
  5.0MB
- MD5
  
  a049ce8dec55021086e4231f299c470f
- SHA1
  
  5b693669572230422fbc57e888bcd218eb2a4a98
- SHA256
  
  95f8082fde571e1bbb885fa6b92d67f3bb8fac66337687e9502aa73f6ac37ade
- SHA512
  
  1ccd6ccbe964a21958ed8765724f4d5f5aa7b0d2e025614bf4fd6a929ed8b37b09487022a62207bcec211cb455c0c9d64fac13f27d8845e2e062b9d715512cfb
- SSDEEP
  
  24576:S9ChCwC+vwWi74+ZsEfw3fc/cUkwwKrfMarSS2EbJI/5Qz+LRWV9X1BylFDefUxd:S9C9oQMo
Score

1^/10
behavioral7
- Target
  
  Nexol/x64/cfg.dll
- Size
  
  5.0MB
- MD5
  
  7bfe885d87026d0d41dba5fb4173201c
- SHA1
  
  027637e1c7fd24a7bbaba6b926cce67e47d8e7dc
- SHA256
  
  2b529e8afa002053744bb4e2430513e7745f91b5052446ef2d0568e91d5b1280
- SHA512
  
  d2ded5d1c216900e340425f652c585398f2662f3aefe552e80161af90d1656d2ed202366c2ac794564dbf6eca0c1d769f62fcb979a0d666ea06540e389a30951
- SSDEEP
  
  24576:v9ChCwC+vwWi74+ZsEfw3fc/cUkwwKrfMarSS2EbJI/5Qz+LRWV9X1BylFDefUxd:v9C9oQMo
Score

1^/10
behavioral8
- Target
  
  Nexol/x64/x32d9.dll
- Size
  
  100KB
- MD5
  
  a969c4ddb06f8f7b82c6e1e1f5d38fe1
- SHA1
  
  923df45d86570bc4107c0dcc6bb9bbba2a9dfe74
- SHA256
  
  bf31dd26195b875bb45f91bc4e482eb2b1657b9357846b2ced154f23b713e0e7
- SHA512
  
  88668e48ad5d17bd88f91ce3b425f536982957622f52eb6579367bede19444a955eb3db588c9820bc35ee469aad0047cee007b7250b9bc722e317d158f131d1b
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNd:SqsiCO
Score

1^/10
behavioral9
- Target
  
  Nexol/x64/x64d3.dll
- Size
  
  4.8MB
- MD5
  
  b744f5976b64674d00ba08631c4a07f9
- SHA1
  
  66dbc4b7a5fe9e42c8da94d7a7940023bb8b50aa
- SHA256
  
  fea44ec1aa17a4037b5d5b6de901232fedb17e8cebaca5c85aed1a335283b5f8
- SHA512
  
  9a899741a20f24377ead33430c641b933c32af55e01ed825c1c7aa7e438d39d6b60027021b479d7dcac48319bf2ea19c25ddbb048508d1e56d6aa224021ca1ab
- SSDEEP
  
  24576:S9ChCwC+vwWi74+ZsEfw3fc/cUkwwKrfMarSS2EbJI/5Qz+LRWV9X1BylFDefUxQ:S9C9oQMh
Score

1^/10
behavioral10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Downloads MZ/PE file

.NET Reactor proctector

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10