lumma | 25b251a6b74d9d65060cbcf1fcb404252f0146f884039346960c28c369062a2e | Triage

Sharing

General

Target

lumma.exe
Size

5.6MB
Sample

250108-l8p9yaxqbn
MD5

5bffec5b786b54b8fe06990047bc093d
SHA1

d00b98ed1046b04e04b90fc79f3dc97d9b92acf2
SHA256

25b251a6b74d9d65060cbcf1fcb404252f0146f884039346960c28c369062a2e
SHA512

cee97c2cdce26b505b56e556d8c608e77a2968ba0b843783f84bfc61ee37985b9d4232db4e429a13f7bd3ee1e5057ec80cd95d19323fd3bae5e7db37be049d8a
SSDEEP

98304:5Pe9jGF9Chib7+AIzsy+uEAN7mbE+EDEBD8WIq0rgyq5oxEywlmjsGLT2HZTpUAT:Al4+AWwcFmA+E4Jfyqf/mA4T2HBT

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://hardtofinner.cfd/api

Extracted

Family

lumma

C2

https://hardtofinner.cfd/api

https://soundtappysk.shop/api

https://femalsabler.shop/api

https://apporholis.shop/api

https://crowdwarek.shop/api

https://versersleep.shop/api

https://chipdonkeruz.shop/api

https://handscreamny.shop/api

https://robinsharez.shop/api

Targets

- Target
  
  lumma.exe
- Size
  
  5.6MB
- MD5
  
  5bffec5b786b54b8fe06990047bc093d
- SHA1
  
  d00b98ed1046b04e04b90fc79f3dc97d9b92acf2
- SHA256
  
  25b251a6b74d9d65060cbcf1fcb404252f0146f884039346960c28c369062a2e
- SHA512
  
  cee97c2cdce26b505b56e556d8c608e77a2968ba0b843783f84bfc61ee37985b9d4232db4e429a13f7bd3ee1e5057ec80cd95d19323fd3bae5e7db37be049d8a
- SSDEEP
  
  98304:5Pe9jGF9Chib7+AIzsy+uEAN7mbE+EDEBD8WIq0rgyq5oxEywlmjsGLT2HZTpUAT:Al4+AWwcFmA+E4Jfyqf/mA4T2HBT
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer