lumma | 517b6a097c3c3f94a2321780bd254d6ec5f4fbf5da66ac5ab9d7328ce0acad0a

Sharing

Copy URL

Twitter E-mail

General

Target

installer_1.05_37.1.zip
Size

20.7MB
Sample

250108-w87jbsyjfy
MD5

e6a32ae0673c8fe77268c558e27101ff
SHA1

209fc82e50b8fcbb644caf913c8be7db2bc2ae61
SHA256

517b6a097c3c3f94a2321780bd254d6ec5f4fbf5da66ac5ab9d7328ce0acad0a
SHA512

a2cbc28bd9e944b405f2347a90ef00cc7e50c96998fd5b06f6ab15401e685fa34f530eb02b604fb7ab73b1135d6d8d43d2349b756b9e9b8ca37a4c18a0cd8eb6
SSDEEP

393216:jVhhJexsWqktj7GtrISiuQzo6hMmVjwLGMBlLBQKk7ktStmx6YDjN1fxR1:hhjDkkucQzvaigldQNMAQvPxn

Score

10^/10

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://shadeplucjek.sbs/api

Extracted

Family

lumma

https://shadeplucjek.sbs/api

Targets

- Target
  
  Lang/lang-1049.dll
- Size
  
  258KB
- MD5
  
  0ac98a4bfc717523e344010a42c2f4ba
- SHA1
  
  7967769ee63b28fc8bec14854a4a0a71bda6b3f2
- SHA256
  
  68546336232aa2be277711afa7c1f08ecd5fcc92cc182f90459f0c61fb39507f
- SHA512
  
  8a5f4f19c24c24a43d9d18a8935613ad6a031b8f33d582767a2407665f1ff39a403ddaeecbf4f22a58759fcd53f81f4392192ca9fa784ff098a6c995509f9547
- SSDEEP
  
  768:KNGdfE7k4pzco2V0lyurfRZBGb052Vqa9/QkHq6KT8W8LI1LWFznKM+psOKrjG5v:KNubVGu57nUQG0HZSBTjZGmDbKzu7Axc
Score

1^/10
behavioral1 behavioral2
- Target
  
  Lang/lang-1058.dll
- Size
  
  262KB
- MD5
  
  41c75e831a5571c3f72287794391a0e6
- SHA1
  
  0fe7a9a3c905d0376001a5c46edfc0000fa82bd4
- SHA256
  
  b3ad99afdaee3b9365e7a3ffcc44c2761e22a4f92dff5e5efdc52f6b08ea0105
- SHA512
  
  d3d03f3308db1862522127300127839aa44828d29622db20aea71e6a80a51247654e380d7a0126361d85774137826fc345ae368335bb1ea9c1c8995721daf432
- SSDEEP
  
  1536:yNbT+wDopP25xej01K1+KnohMEDdQPfYBRL37KCxr:gbiwo25xwKhTDd80Rp
Score

1^/10
behavioral3 behavioral4
- Target
  
  avcodec-58.dll
- Size
  
  26.1MB
- MD5
  
  d9a55aef72309f0d7d0f2d8af597c496
- SHA1
  
  ff847e2d21a315ddabf46d4bcdffa419d5f6f36b
- SHA256
  
  04b8ebc13e3efdd3d95b20ecac79c5040c02d07333f5756635dc2ba8440abee8
- SHA512
  
  009c4d703800feafc4b52aa8aef96485aa46621d7df191f0b5fc05da44ab82e27b8345931966dc0b1c36dc39f4fcd5c824c748565531b04acf8ba5834460b114
- SSDEEP
  
  393216:MZ1/9cf2VdHCsZYopFD/lqqhrhlYIRc6f6ma14htfCbuMmUznrsCa3coY0Vowg9q:Azo69
Score

1^/10
behavioral5 behavioral6
- Target
  
  installer_1.05_37.1.exe
- Size
  
  1.0MB
- MD5
  
  89a7d3c1e97f48a8adad247f0bd2228c
- SHA1
  
  9dae7ea2ab16fe209d52130f947c746f9953ae0e
- SHA256
  
  8587f4322cc4c737cb8f103bbbc1d12368fc43ec24d6a620f286537ec5a40100
- SHA512
  
  52ce5caf66d1aa6c42d676a67263fd61651b80eb5011d8f31c4b1e3f0dab6b530bfd35bfa40f558e8ff2103cc59d98175ced5a804f11d66e7e2255dd20cf4741
- SSDEEP
  
  24576:fxXBuGxv3iVkdSp1Rlq0HBF52+6FGjrscJd0S3X92ykYoph5kJlIfphTP:JB5xoR5HBF52+Vjrsk/2tYohWevP
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral7 behavioral8
- Target
  
  opengl32sw.dll
- Size
  
  20.0MB
- MD5
  
  7dbc97bfee0c7ac89da8d0c770c977b6
- SHA1
  
  a064c8d8967aaa4ada29bd9fefbe40405360412c
- SHA256
  
  963641a718f9cae2705d5299eae9b7444e84e72ab3bef96a691510dd05fa1da4
- SHA512
  
  286997501e1f5ce236c041dcb1a225b4e01c0f7c523c18e9835507a15c0ac53c4d50f74f94822125a7851fe2cb2fb72f84311a2259a5a50dce6f56ba05d1d7e8
- SSDEEP
  
  393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
Score

1^/10
behavioral10 behavioral9
- Target
  
  vcruntime140.dll
- Size
  
  94KB
- MD5
  
  11d9ac94e8cb17bd23dea89f8e757f18
- SHA1
  
  d4fb80a512486821ad320c4fd67abcae63005158
- SHA256
  
  e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
- SHA512
  
  aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
- SSDEEP
  
  1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
Score

1^/10
behavioral11 behavioral12
- Target
  
  winrar-x64.exe
- Size
  
  3.6MB
- MD5
  
  517023aad9ad2f3200057ce0b704e196
- SHA1
  
  7612058b5f0f87327b2957d5da63a2c6e65b0ea1
- SHA256
  
  de1d9040786c80f3f40f41c98aa1f6b14fc7b6f2d3db09eceadd340327164f8e
- SHA512
  
  bef1b7268d8c2c1f6c900fe392ecf11d2cd518dfa9944fb77c29c2306d20d89052a39c45d689054173ce866be1e93d4b3097131a120cd7567092527e1f50b3e1
- SSDEEP
  
  98304:vABAG9dn8V6e3yfnjvg6Tuq1LA28xv12m2ERCHo:va9dXh6q1Lf8xv5tCI
Score

5^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral13 behavioral14