lumma | dc813f57acd54cd1d0067adadc56cb9347efa0f6eb2628427158d3c75eafa1ff

Sharing

Copy URL

Twitter E-mail

General

Target

Kapu.rar
Size

1.9MB
Sample

250108-2ffg2awncx
MD5

bde953e9edade9135691a71d64f5efef
SHA1

7f29914cde929688a6e6255cb479cd86e8b60275
SHA256

dc813f57acd54cd1d0067adadc56cb9347efa0f6eb2628427158d3c75eafa1ff
SHA512

628fbad49c1e8a215506538043c90e0077264ed9393306e59eaa31f3c5ee51d21247bf7e92b78147e6772afbc2a6faebb3201abbbe526ab423f62e752ec40cf3
SSDEEP

24576:/+U5nQsmY2j9L80lbapoeRu/88AGcqx/GsbCxndz46fl6OXOY1sZSxCP/pzZqOp8:/75nYxLbbabNU3gndsHqsCCx5ZqlzMkv

Score

10^/10

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Targets

- Target
  
  Kapu.rar
- Size
  
  1.9MB
- MD5
  
  bde953e9edade9135691a71d64f5efef
- SHA1
  
  7f29914cde929688a6e6255cb479cd86e8b60275
- SHA256
  
  dc813f57acd54cd1d0067adadc56cb9347efa0f6eb2628427158d3c75eafa1ff
- SHA512
  
  628fbad49c1e8a215506538043c90e0077264ed9393306e59eaa31f3c5ee51d21247bf7e92b78147e6772afbc2a6faebb3201abbbe526ab423f62e752ec40cf3
- SSDEEP
  
  24576:/+U5nQsmY2j9L80lbapoeRu/88AGcqx/GsbCxndz46fl6OXOY1sZSxCP/pzZqOp8:/75nYxLbbabNU3gndsHqsCCx5ZqlzMkv
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  DirectX2D.dll
- Size
  
  1.3MB
- MD5
  
  00b3e7dfc26fd3547082eb20f4eec53b
- SHA1
  
  27e5ff2320559dea39b99cec73489077db4830c2
- SHA256
  
  494d98a99ab8fce6d615bb48d4d014640da2e208002ba647e226f09b8678afa3
- SHA512
  
  181692d4d728076d6de86a78f9af725690ba9cfb3ce1c884c535b06e6b55eb8ade367ee1583bdebfaba6de27f768293e2225d0bdc1e168ea390fa629aea6fc51
- SSDEEP
  
  24576:j8SK96R8lJyi7BEEWYPkyZjNJYRKbLenypiqIW0NJo:j8SQ+8uWEFYPdN6ypGHNu
Score

1^/10
behavioral2
- Target
  
  Environment.ini
- Size
  
  15KB
- MD5
  
  0521921d1b973d325896a215f059e864
- SHA1
  
  17ee5cf0adc237048520e3fb3b47da19e40bc9df
- SHA256
  
  e41fdf321ec9b1287521481e8a277eb6768c639c6c142880970b5ecca2a1ff00
- SHA512
  
  4476039ed6e2f430c4b3c827d2d735a1e5b4f2623cbf07f3d00462bb6f4c549b1695018fcdfb26a5002a0379c104a2e269ee11d4ae7bb40d104bdee5998303f8
- SSDEEP
  
  192:bcZm9Dt39eaGuhcRgd334Yt1Hms0bymw1RCx4:zDt3jZcO3l15MW
Score

3^/10

discovery
behavioral3
- Target
  
  Loader.exe
- Size
  
  392KB
- MD5
  
  05e6a5849029eb0bf93daa91365ca6ec
- SHA1
  
  dd3f61dcddb7a233b5d93099504e3f62c7a3162f
- SHA256
  
  cb6bd4c81cc8662218333d0286903253229ec9be6c4011748f79701b811d1851
- SHA512
  
  5249241c92729b6240660ce098218dc5e2f7f471a45e1dbc7b2f4de3fabb3632acb2d3d7d076db853becf2fa35ec15334d3d8ecc5b35f5c213b6a74052c7cbac
- SSDEEP
  
  12288:A0b9ATgsbW6XZD+7mEAeG3hVZfmrXF1iY0+qtK:XATgsSSx+7Ux3hDfmXasv
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  Other/Environment.ini
- Size
  
  15KB
- MD5
  
  e7dd4e065af3cd26fed13ba93f37c015
- SHA1
  
  730ed04e211997ccac7ef9901eafd09e4b4dfd4c
- SHA256
  
  000628e5c2bd0e1baa6da1827e506bc7359ca68b18bd6d50b0abd5d84000ed5b
- SHA512
  
  1a9e5df92b2373ba2f348b708108ba158b1fa95b7f4b56f7414fead48ca07c8f0fef93dcc0c50c1e7183e72243e6dad5fa4264e706c0c505c0706fea1d679496
- SSDEEP
  
  192:bmZm9Dt39eaGuhcRgd334Yt1Hms0bymw1RCx4:pDt3jZcO3l15MW
Score

3^/10

discovery
behavioral5
- Target
  
  Other/RestSharp.dll
- Size
  
  186KB
- MD5
  
  74f7189e0d8462b4766ceda305b5e6a8
- SHA1
  
  27bc0b6410917ddd63b3a61230e61ee56b85886f
- SHA256
  
  44d7ef808bdf27da453059afe5dd132f061e302bb34b1bff3c79b74249c52640
- SHA512
  
  22f50aae579060474ef35103aab4d1010ba53790219631c15136306977422d9324e01a50ef160b6c9ae82311ecf1d8187c971fefdcb7c3639591682f36dcdae6
- SSDEEP
  
  3072:P2SM9KBg52ArSQIi+N2/4CBUBu4UH/vammBktTqTLJ1qI:u551KBa75fv2
Score

1^/10
behavioral6
- Target
  
  Other/Sentlog.dll
- Size
  
  125KB
- MD5
  
  181f3e3d0c509566283156816eb317ca
- SHA1
  
  400debdd4fb9ae24719157132a87c4bfeff7fa6c
- SHA256
  
  db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
- SHA512
  
  039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
- SSDEEP
  
  3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score

1^/10
behavioral7
- Target
  
  Other/achevelog.dll
- Size
  
  247KB
- MD5
  
  319226c18dbc02d2ac4c0dd9dc116d53
- SHA1
  
  4ef827ec4c51cf2845e3a50fc23700177a4930f8
- SHA256
  
  eb9b84a3df6ae51759544ba04224a4f91454b8a81d54b37c846a4216bc72c15e
- SHA512
  
  dcb2b6e9e1f820472e96cd3e649cc696948d02545c141c483234aab98706c0d19051fcafafc14a928b6b2937125c61db3c49cdc45181e809d73df73f7db3cfbc
- SSDEEP
  
  6144:L5V1a8gCaIAaLPaiUoQhdTC015tRuAKObQ:rsmaIrPaikhvftA9OE
Score

1^/10
behavioral8
- Target
  
  Other/d2patch.dll
- Size
  
  80KB
- MD5
  
  9ed0cc60faa1ca995f75dc8b4bf407c4
- SHA1
  
  87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
- SHA256
  
  acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
- SHA512
  
  9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
- SSDEEP
  
  1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9
Score

1^/10
behavioral9
- Target
  
  Other/jascriptfortpatch.pdb
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral10
- Target
  
  Other/patch.dll
- Size
  
  938KB
- MD5
  
  3169b48a9a2086e53c4493c03579902c
- SHA1
  
  5f3b2405818c29689875810164e7cd4da3f024c9
- SHA256
  
  e63ede4ebd7e64493ead8e91f475238ff7dec17eb403798e4ba27d592a9757a8
- SHA512
  
  a592ba68e008108f66c683f5d2edb29cf4ba15661151d54150089cd8ccf4d5ef265c62278a62a70a488db38a03ea4feacc9fa59173ee8220d864142ccf7dded0
- SSDEEP
  
  24576:GuiMZV9ciqJmRuzSEdaSL3+LcQVUgl3L94trn4TM9fLnIMftk:UmySaWSglJ4tUTi5t
Score

1^/10
behavioral11
- Target
  
  Sentlog.dll
- Size
  
  125KB
- MD5
  
  181f3e3d0c509566283156816eb317ca
- SHA1
  
  400debdd4fb9ae24719157132a87c4bfeff7fa6c
- SHA256
  
  db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
- SHA512
  
  039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
- SSDEEP
  
  3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score

1^/10
behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

.NET Reactor proctector

Executes dropped EXE

Suspicious use of SetThreadContext

Lumma Stealer, LummaC

Lumma family

.NET Reactor proctector

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12