lumma | 8e7391f55642f8b52e8c20afb4007a7df1a85215a12660cff88590b4cc631420

Sharing

Copy URL

Twitter E-mail

General

Target

New WinRAR ZIP archive.zip
Size

14.0MB
Sample

250108-xvfdcs1rhm
MD5

410b420f7ea683db6602a54daf9d5d87
SHA1

458d00abcf6a69057b0ce99fc48907d710fe86d8
SHA256

8e7391f55642f8b52e8c20afb4007a7df1a85215a12660cff88590b4cc631420
SHA512

8eab468630ab0a2271c64421d7d44a0c7a7b5646dd53a46b83470e276a5cd24f542f5d1b91e3dab044e4ebe94936423a936759e6808377f08e6f804c7e236109
SSDEEP

393216:ybtPe4bLNoTzrMZdpTmBGqQCv7phabeqePBC9jX2U0KCEcH91XK:yJe4dUiEBGDgabNecX2gCE4PXK

Score

10^/10

Malware Config

Extracted

Family

lumma

https://freefacerz.sbs/api

Targets

- Target
  
  New WinRAR ZIP archive.zip
- Size
  
  14.0MB
- MD5
  
  410b420f7ea683db6602a54daf9d5d87
- SHA1
  
  458d00abcf6a69057b0ce99fc48907d710fe86d8
- SHA256
  
  8e7391f55642f8b52e8c20afb4007a7df1a85215a12660cff88590b4cc631420
- SHA512
  
  8eab468630ab0a2271c64421d7d44a0c7a7b5646dd53a46b83470e276a5cd24f542f5d1b91e3dab044e4ebe94936423a936759e6808377f08e6f804c7e236109
- SSDEEP
  
  393216:ybtPe4bLNoTzrMZdpTmBGqQCv7phabeqePBC9jX2U0KCEcH91XK:yJe4dUiEBGDgabNecX2gCE4PXK
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  data_Info_file/x64/AdonisUI.ClassicTheme.xml
- Size
  
  146B
- MD5
  
  68a996036a022036a7260c21aca60d8d
- SHA1
  
  f7ccc93b98ede087327b9a2ee33b49084adaaa7f
- SHA256
  
  e97828272a7a30780a4b92c791ae94b3adc4268463c53f81df0a27a372c77348
- SHA512
  
  0106caeecb55ff8599bc6f666e19306354e53bf2638c6298c8148a1e956ef7fdd04d79575abebd25e4df9d7e21f5996b49b293e0f2b03b53d81ebe95a1759997
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  data_Info_file/x64/AdonisUI.dll
- Size
  
  164KB
- MD5
  
  3d4c8b6aad28ec574e56ccda22b34ef3
- SHA1
  
  bc22ac7097e597fba3d7367b2fd5c61adff28941
- SHA256
  
  db46b6106dc1b30041ce3f287ded91166895ff3f1928250fc79dd46c444b1e45
- SHA512
  
  fc56241e65dc7bcc678a2af92f79bda017ceb3f7c4f203c7e9ce753d573da868608a6f56545c0d181a625737278b7b73223e5dcce85bf1f3c5b7b1b06e5c5739
- SSDEEP
  
  3072:fuZPAdWKbu3355s555GPQKljrKxX0yAbTxin1YzqHf0llbS1sjZ73h39Iwj:GydWDrKxG3h39Iw
Score

1^/10
behavioral5 behavioral6
- Target
  
  data_Info_file/x64/AdonisUI.xml
- Size
  
  76KB
- MD5
  
  a310f32ce7eb9a28e9b0fa5e87ac71de
- SHA1
  
  bb8204232932dfea23d2fa76b44954ac559922aa
- SHA256
  
  3dbc7b701f01ca178359a1de543792c919ed49c16dfa06d766c545c8ffa51c50
- SHA512
  
  3ca0a763383092c5df00efed0a02a13b2413a17e6b0f966364bfe932a2cf8992450778dad730d9afcdc7b8ee090e3e7c124d3f38e92a213403f38120e87f6805
- SSDEEP
  
  1536:sBjMs3uxMVuQHWVhVRVeHELtQyVuHEItQyk3n2q6RD3CKlJvJk3IwniCbgnHCoaf:sg8MA0OhcSc
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  data_Info_file/x64/SQLite.Interop.dll
- Size
  
  1.7MB
- MD5
  
  56a504a34d2cfbfc7eaa2b68e34af8ad
- SHA1
  
  426b48b0f3b691e3bb29f465aed9b936f29fc8cc
- SHA256
  
  9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
- SHA512
  
  170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7
- SSDEEP
  
  24576:YPUxmkgSxPgobZPRjZ22H6edtOZzWySRO3mlE0i/Yl5P+qF+8k+ao/si6:8UxXPgo8e6WYBSJZSS5P97I
Score

1^/10
behavioral10 behavioral9
- Target
  
  python27.dll
- Size
  
  8.2MB
- MD5
  
  271dcb664a7fd7a7c7c8ea6767312f7d
- SHA1
  
  6c6cb422f48620cd2a52ddb9c48f489ab77f9b7a
- SHA256
  
  71c5308d9eba6596ce02b39108aa2b7283bcf2253d23d316d475de83cd9c1e5c
- SHA512
  
  89aaca8c824c5cbf98c62a23c5ada9f17994fe13d6dc3d4be949b8ccfc66c8913062081f5e34edf29d5a43c06dd68d3f1589d89da58be5938776a1e2ecf2368e
- SSDEEP
  
  98304:6+OW0GlvGHAl0wmMghMtHIledkp8WmvJOCqpoKy99z++kH+YUGxI6Ha5HCW2HH5w:6+h0tAvmjimqOWl51zczU8HWKZxlzLlu
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  umyvvg
- Size
  
  3.0MB
- MD5
  
  4205801ab16dd48bbc4e3c068ff12405
- SHA1
  
  9c7f98a4bf4ec09c75f6f9d366abc6ffbe419bb7
- SHA256
  
  915e206c809ce93b64c2715103533b89af1323c27b1aca75f84ff48721278a62
- SHA512
  
  914f8ba837c243f2d7d027df92387142b62fb889fd87d671c9819369bc46f96a68673fbf9111c383f4226439a42e80f6f97a3b498a7dffc1dbbdcdacd0a5fa39
- SSDEEP
  
  49152:8ImaIG811e/4Yt+g4fy2FswkxStC5VzbCEnQexPJVYMBT+YijY5xseGnxtXchc:8kE11e/145fh8xbVQe3CMTWxtr
Score

1^/10
behavioral13 behavioral14
- Target
  
  vrrumug
- Size
  
  39KB
- MD5
  
  0ec27ed1891a325c1a657e6755d864de
- SHA1
  
  2a6afec90c8a4adf4ada586783b22432551b69d5
- SHA256
  
  74baa01a242a3a618e4a2492213358aa05a0f25ce4977f720a255ad43cbfde1a
- SHA512
  
  118c7172649940844a0b5a1c88c86cbaa3ddbf91c158781b87d1060c0ae2d97adda425255c530f8b5f7f64441e33983f3486b21737ce8becde279cc450f7166d
- SSDEEP
  
  768:0DSkmslOkT6fOR3kWhbC9MREu3xdOXktJi5v/0Yb9HpXwt2evxBPe5uPXH:/kPvumR0e2emQdOj/ztpX+FxN5v
Score

1^/10
behavioral15 behavioral16
- Target
  
  x64/031.phpt
- Size
  
  565B
- MD5
  
  03744b04fa52a70b8fd2cb07cdc31246
- SHA1
  
  118c61628b9769e65ef07f0c1567a23849d4ba7b
- SHA256
  
  5e77b8f2dfaadebaf41a3051f99edbca27e80fff9853116a96d3e5913397570c
- SHA512
  
  b50837b4e44fcf3fbea9e59452fdea604235cacc7d04e6af534a3d68c1fcb8a13e91a976bda1f2c545f980b2eff8567155aa79fa5cd63d704b73fa873693ad68
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  x64/037.phpt
- Size
  
  363B
- MD5
  
  3acfc95417b0e39fd093f324f8e3298f
- SHA1
  
  6a15dcbeb286f431d1cf19b510f19e7e41273012
- SHA256
  
  8f69f07ffa846c5ad30d4c77bf530eff73c8f1139ecf1436240bf8fa9433282d
- SHA512
  
  dadfb4c785dadc1e5e9b236f0f9ac7cdb6367a332dd11a16c27c9bca6c90a00e89855c76d522e6c4971ad336c4373ff2f8c798d85100970d522b8d0f519f28b0
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  x64/bin/Microsoft.VisualStudio.Setup.Download.dll
- Size
  
  303KB
- MD5
  
  01fcf5616da8122ce851bde1a9663424
- SHA1
  
  4e839d112af6e1b0ff3fb1ded4061f381b711717
- SHA256
  
  afec345579e0ce777ce5c28a69a9d09d863bbbd8aaff4bf35674df69d7f4919b
- SHA512
  
  f6714df5cdb5ef1dd2b244ec493217b3a134c6ab0fd630f1e9d7288524b091aece14e93fecaedf0adf6a7e58f7fcd4ef61989712f6a60d4f7713dbb701900e67
- SSDEEP
  
  3072:eY8A3oVn0y2ISzbrY+piKBDd/98Ob2KwfxRww9BLOSoKzrx89pp1Rvymj/LcnvA4:eVmoV09oK/nw9Bdz69p8nFlzW0z
Score

1^/10
behavioral21 behavioral22
- Target
  
  x64/bin/bug77691.phpt
- Size
  
  357B
- MD5
  
  70f8e80f20ff322f837a8e57558810b3
- SHA1
  
  94db455bdf11958019669758a887328ccd42f14e
- SHA256
  
  9610de94e4eadea444069f59b91d0ebd326f5c3e6148bb2a10af4165b19dd707
- SHA512
  
  74ab7e104cf441ff02ad1791fa5e9ef77ddead073ed0fd4fca91b97490a0959fd5ecfe3e1d949e2065f8ce0d733dd5631b5baf6504eb60c58bcd6dcab07e9f6d
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  x64/bin/curlopt_private.phpt
- Size
  
  548B
- MD5
  
  656a06ab08bb82b2ffb8324a9a581c88
- SHA1
  
  5ab0abd0048b33added5ec6ef512a40b5f269699
- SHA256
  
  3675503ae3ad8966f4865aaae930e22578b386a4f509d93834eedc1cda7da8de
- SHA512
  
  9990d914250a182225b155446e7d142b394f7d63947efe773faa7d242fa270cd81bd30fbdc0d8c533308ce1b31df5e28674990a3d095a1f9695ab11cae8dbf96
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  x64/bin/fgetcsv_variation14.phpt
- Size
  
  4KB
- MD5
  
  a0f14607f14a2646e0f88046a549c247
- SHA1
  
  afde6665d6206580f3c124bee57941cbbbd1b487
- SHA256
  
  07b9e0b8eb22533f6f4f7781aec76d42a9d696b66db0fd0800754ce15ccc7efc
- SHA512
  
  4ee0291e266266dfd973a7622d731cfe0da650cc5a66ffe6f9a02c54f3890a805e9840d69f3949869ec2881c6e991630611533e42d9299e24ed2949191721938
- SSDEEP
  
  48:mz0JUp1euozN+X8bkFuD/L9CAQwCqTqbS1/q62fI:mrkuWN+sQFy/ZCAvYSB3
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  x64/bin/mb_output_handler_pattern-01.phpt
- Size
  
  325B
- MD5
  
  2e795f13eec94016d094c1ce785edd84
- SHA1
  
  10df5f6ee8e2f243d2bfb0dab170e3151630c52b
- SHA256
  
  eb7d7d85352c47e9a6cfe74667cd1f9701a85750c04a3fdf42f999642c81b7d9
- SHA512
  
  f1d4a39fd323e773235b95b7557f5a2e588adf506d2a865e63fab74a9e266750f2cbd930074578e7dca9caebb9c766c7ebd197f6ebca8ce7475bc89047c20e8f
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  x64/bin/pdo_mysql_attr_errmode.phpt
- Size
  
  5KB
- MD5
  
  70bce1a111c12a2c9119f81ee48b19d2
- SHA1
  
  775ca345cf075b534075005d7a769df9d9266bb1
- SHA256
  
  356e43ed1cdb55b1c2ea16e19b71498d9b813191a4f9234fda24516eb76f0709
- SHA512
  
  adbfdd8fd14f3b353c86af9aea91aef09074cd103c42354a8b09fd1bf44d71a2ee732fddd0d705cb7e3517845c530427426454a1d0ff1b08b4f446239618ac99
- SSDEEP
  
  96:vd3LUoke+eHe2FnE9xJwz83QEhxozrsF0iRUHHpF0lhRnvxpF4ZoIVM6t:ZLU9By89xazahxOiR4HpWlhRvxpsu6t
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32