lumma | fbccc8952710a8a50655f4fe3a880c8373411b7ec40e54aabd7eaff3f1d0137b | Triage

Sharing

General

Target

Update_1.65.4.msi
Size

9.5MB
Sample

250108-n3mb7s1mcn
MD5

d330c09503e6c3d51cd2d3435de0795a
SHA1

5b7bbf5bc80f4b3863c263d1aed620faa4612c9d
SHA256

fbccc8952710a8a50655f4fe3a880c8373411b7ec40e54aabd7eaff3f1d0137b
SHA512

ed3abd52e47d36ca3637dbf3d738d6509049162dd3f084dc7b9c286f517be815c6825df2c1070f36ac4e4445e62919c44a37793fc4bc0761076608340c35610e
SSDEEP

196608:0uVUeJYJMd0rWLhjx5YHU+tYERMN2fr/pa/3pqnLtAPLMgzWS3W9i4EzP:lV6WLR+tYiyURmpML6DMgzJsc

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

- Target
  
  Update_1.65.4.msi
- Size
  
  9.5MB
- MD5
  
  d330c09503e6c3d51cd2d3435de0795a
- SHA1
  
  5b7bbf5bc80f4b3863c263d1aed620faa4612c9d
- SHA256
  
  fbccc8952710a8a50655f4fe3a880c8373411b7ec40e54aabd7eaff3f1d0137b
- SHA512
  
  ed3abd52e47d36ca3637dbf3d738d6509049162dd3f084dc7b9c286f517be815c6825df2c1070f36ac4e4445e62919c44a37793fc4bc0761076608340c35610e
- SSDEEP
  
  196608:0uVUeJYJMd0rWLhjx5YHU+tYERMN2fr/pa/3pqnLtAPLMgzWS3W9i4EzP:lV6WLR+tYiyURmpML6DMgzJsc
Score

10^/10

lumma discovery persistence privilege_escalation stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverypersistenceprivilege_escalationstealer

behavioral2

lummadiscoverypersistenceprivilege_escalationstealer