lumma | 00b9d1d9fdecf5c56035cd90461a9a3a93d74b588d203253b2698c64eddcb447 | Triage

Sharing

General

Target

00b9d1d9fdecf5c56035cd90461a9a3a93d74b588d203253b2698c64eddcb447
Size

70.0MB
Sample

250108-qbmj1atkap
MD5

062791084ec4605d7bbacf1105f5b885
SHA1

dc68b7eb995dc6462016e18c90fb5ecb2311e290
SHA256

00b9d1d9fdecf5c56035cd90461a9a3a93d74b588d203253b2698c64eddcb447
SHA512

a5ecbe3995ed230fc92ecb9e0566a36bd7c7ee26e160952b94c694ec6cedb4359366aee0e9fa4c404f05f4c64b70fa6bff0578f24f77f1501d5ae4af4c1a0a67
SSDEEP

24576:PcdAO+ciGEFSv5osh93ZkB0CMBR3EkuKrpXSsfN1htUIyDcOc7O7g:kMGNhBWK5BR3EkZNp1yDcx

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://preside-comforter.sbs/api

https://savvy-steereo.sbs/api

https://copper-replace.sbs/api

https://record-envyp.sbs/api

https://slam-whipp.sbs/api

https://wrench-creter.sbs/api

https://looky-marked.sbs/api

https://plastic-mitten.sbs/api

https://lumharmonyfields.shop/api

Targets

- Target
  
  00b9d1d9fdecf5c56035cd90461a9a3a93d74b588d203253b2698c64eddcb447
- Size
  
  70.0MB
- MD5
  
  062791084ec4605d7bbacf1105f5b885
- SHA1
  
  dc68b7eb995dc6462016e18c90fb5ecb2311e290
- SHA256
  
  00b9d1d9fdecf5c56035cd90461a9a3a93d74b588d203253b2698c64eddcb447
- SHA512
  
  a5ecbe3995ed230fc92ecb9e0566a36bd7c7ee26e160952b94c694ec6cedb4359366aee0e9fa4c404f05f4c64b70fa6bff0578f24f77f1501d5ae4af4c1a0a67
- SSDEEP
  
  24576:PcdAO+ciGEFSv5osh93ZkB0CMBR3EkuKrpXSsfN1htUIyDcOc7O7g:kMGNhBWK5BR3EkZNp1yDcx
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer