lumma | 8e7391f55642f8b52e8c20afb4007a7df1a85215a12660cff88590b4cc631420 | Triage

Sharing

General

Target

NewWinRARZIParchive.zip
Size

14.0MB
Sample

250108-xz4xhszlay
MD5

410b420f7ea683db6602a54daf9d5d87
SHA1

458d00abcf6a69057b0ce99fc48907d710fe86d8
SHA256

8e7391f55642f8b52e8c20afb4007a7df1a85215a12660cff88590b4cc631420
SHA512

8eab468630ab0a2271c64421d7d44a0c7a7b5646dd53a46b83470e276a5cd24f542f5d1b91e3dab044e4ebe94936423a936759e6808377f08e6f804c7e236109
SSDEEP

393216:ybtPe4bLNoTzrMZdpTmBGqQCv7phabeqePBC9jX2U0KCEcH91XK:yJe4dUiEBGDgabNecX2gCE4PXK

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Family

lumma

C2

https://freefacerz.sbs/api

Targets

- Target
  
  Axe.Windows.Rules.dll
- Size
  
  236KB
- MD5
  
  115832262c8f4073805e977116bc3844
- SHA1
  
  ad7b60a078eb3b7ddcaf0f61f0ff09cf7dced954
- SHA256
  
  d91af71e275486fe8d8709df4b03605ad0be9706fe5fb7cb511d93d6154102e0
- SHA512
  
  abad08c084ca240517adc9cbfac498f89b8b424fe08601fbdbd9de128a0c9abfe222d8afb735d4b0a4e03075627c5f96641de9715afc0234e513ee6d4a30f637
- SSDEEP
  
  6144:bbGyhI/A7rUBySL+PA+D6r/ER/e0xc7lfaNXGyJUBPIKncXeJTGNC+8sOkIITtf7:vGyhI/CrUBySL+I++r/ER/e0xAlfiGyB
Score

1^/10
behavioral1 behavioral2
- Target
  
  Setup.exe
- Size
  
  1.1MB
- MD5
  
  2c87ed3ac24adddcaface3c66eafc395
- SHA1
  
  1d74e99450fb026cf88b400a905ee8d4c2814652
- SHA256
  
  2bde8b140b1c7071d6e5e353e0c3a32365319f4b7a9112a3ae8d13a0ebc149d0
- SHA512
  
  9cb0370d3d14679bbeb00ea5b3df7b930969384c7cc0c26d9fc97085236c7f6cf710a10b32e46498226cdcd5714c4e9aa115a867fa40648fa280cffb5d05f257
- SSDEEP
  
  24576:OO8tRi0TnvbcSa4zqlVb1MgugMGzL9pfi6Z43CvoNCkAjTerUElDG6b7Tb7j:EH9Lvbta2qr1ruAfi6Z4Hw+zlDGQ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral3 behavioral4
- Target
  
  data_Info_file/x64/AdonisUI.ClassicTheme.dll
- Size
  
  287KB
- MD5
  
  8a1b183bca062f48402c74f2daba7b92
- SHA1
  
  d9417bf78b3b37d668c08e67f3c0f21dbc6dc11e
- SHA256
  
  8103f2cce6a864ceefe6c5b0c05087ac85ab04a2abf150e93bc9db90c54d9d20
- SHA512
  
  0f5120fa9ed24d2a49b82cdc62113302002ccc5e1cf389cc28830f36b2915f876bdf77094fa6dfa312fc01b6f482465297fa734509511fa7e72285569ce57e87
- SSDEEP
  
  6144:aMNTja9KIKf5RCs1ussMKlzI5iJQn9gu5DPOvObo:5Za9KIjs1ussMKlzI5lo
Score

1^/10
behavioral5 behavioral6
- Target
  
  data_Info_file/x64/AdonisUI.dll
- Size
  
  164KB
- MD5
  
  3d4c8b6aad28ec574e56ccda22b34ef3
- SHA1
  
  bc22ac7097e597fba3d7367b2fd5c61adff28941
- SHA256
  
  db46b6106dc1b30041ce3f287ded91166895ff3f1928250fc79dd46c444b1e45
- SHA512
  
  fc56241e65dc7bcc678a2af92f79bda017ceb3f7c4f203c7e9ce753d573da868608a6f56545c0d181a625737278b7b73223e5dcce85bf1f3c5b7b1b06e5c5739
- SSDEEP
  
  3072:fuZPAdWKbu3355s555GPQKljrKxX0yAbTxin1YzqHf0llbS1sjZ73h39Iwj:GydWDrKxG3h39Iw
Score

1^/10
behavioral7 behavioral8
- Target
  
  data_Info_file/x64/SQLite.Interop.dll
- Size
  
  1.7MB
- MD5
  
  56a504a34d2cfbfc7eaa2b68e34af8ad
- SHA1
  
  426b48b0f3b691e3bb29f465aed9b936f29fc8cc
- SHA256
  
  9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961
- SHA512
  
  170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7
- SSDEEP
  
  24576:YPUxmkgSxPgobZPRjZ22H6edtOZzWySRO3mlE0i/Yl5P+qF+8k+ao/si6:8UxXPgo8e6WYBSJZSS5P97I
Score

1^/10
behavioral10 behavioral9
- Target
  
  msvcr90.dll
- Size
  
  638KB
- MD5
  
  11d49148a302de4104ded6a92b78b0ed
- SHA1
  
  fd58a091b39ed52611ade20a782ef58ac33012af
- SHA256
  
  ceb0947d898bc2a55a50f092f5ed3f7be64ac1cd4661022eefd3edd4029213b0
- SHA512
  
  fdc43b3ee38f7beb2375c953a29db8bcf66b73b78ccc04b147e26108f3b650c0a431b276853bb8e08167d34a8cc9c6b7918daef9ebc0a4833b1534c5afac75e4
- SSDEEP
  
  12288:5hr4UC+Ju/A0BI4yWkoGKJwZ9axKmhYTMAO7wFKjCUmRyyPe:9JfyZFGKJjxKmhSMAB6CUmRyyPe
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  python27.dll
- Size
  
  8.2MB
- MD5
  
  271dcb664a7fd7a7c7c8ea6767312f7d
- SHA1
  
  6c6cb422f48620cd2a52ddb9c48f489ab77f9b7a
- SHA256
  
  71c5308d9eba6596ce02b39108aa2b7283bcf2253d23d316d475de83cd9c1e5c
- SHA512
  
  89aaca8c824c5cbf98c62a23c5ada9f17994fe13d6dc3d4be949b8ccfc66c8913062081f5e34edf29d5a43c06dd68d3f1589d89da58be5938776a1e2ecf2368e
- SSDEEP
  
  98304:6+OW0GlvGHAl0wmMghMtHIledkp8WmvJOCqpoKy99z++kH+YUGxI6Ha5HCW2HH5w:6+h0tAvmjimqOWl51zczU8HWKZxlzLlu
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ssleay32.dll
- Size
  
  432KB
- MD5
  
  1ff93c76249bbfc1cf302b8bbbd0454a
- SHA1
  
  19ebfa84b51f1dc1336fa94ac2f348f0c3ead8e2
- SHA256
  
  5559bdd78f83de4ac4c9c60dd75047fe089ac4e0185b1703d97028e2f835c702
- SHA512
  
  a993e176127b83d57da832fe2634272e240ee47e351d23888a3a2ec07d316d579e2c2706df94165853b30dc07b0e7af0fd4a6052b421a0ff2806e41526efb333
- SSDEEP
  
  12288:u9hhdoAoyxqj+fmM+vtRHD5pDuX1kWOdqEnxDAm8zKt2GdiX3YJaFqsHbPKEq/PG:6sPWPke+Yv2
Score

1^/10
behavioral15 behavioral16
- Target
  
  x64/bin/Microsoft.VisualStudio.Setup.Download.dll
- Size
  
  303KB
- MD5
  
  01fcf5616da8122ce851bde1a9663424
- SHA1
  
  4e839d112af6e1b0ff3fb1ded4061f381b711717
- SHA256
  
  afec345579e0ce777ce5c28a69a9d09d863bbbd8aaff4bf35674df69d7f4919b
- SHA512
  
  f6714df5cdb5ef1dd2b244ec493217b3a134c6ab0fd630f1e9d7288524b091aece14e93fecaedf0adf6a7e58f7fcd4ef61989712f6a60d4f7713dbb701900e67
- SSDEEP
  
  3072:eY8A3oVn0y2ISzbrY+piKBDd/98Ob2KwfxRww9BLOSoKzrx89pp1Rvymj/LcnvA4:eVmoV09oK/nw9Bdz69p8nFlzW0z
Score

1^/10
behavioral17 behavioral18
- Target
  
  x64/bin/pdo_mysql_attr_errmode.phpt
- Size
  
  5KB
- MD5
  
  70bce1a111c12a2c9119f81ee48b19d2
- SHA1
  
  775ca345cf075b534075005d7a769df9d9266bb1
- SHA256
  
  356e43ed1cdb55b1c2ea16e19b71498d9b813191a4f9234fda24516eb76f0709
- SHA512
  
  adbfdd8fd14f3b353c86af9aea91aef09074cd103c42354a8b09fd1bf44d71a2ee732fddd0d705cb7e3517845c530427426454a1d0ff1b08b4f446239618ac99
- SSDEEP
  
  96:vd3LUoke+eHe2FnE9xJwz83QEhxozrsF0iRUHHpF0lhRnvxpF4ZoIVM6t:ZLU9By89xazahxOiR4HpWlhRvxpsu6t
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  x86/closures_003.phpt
- Size
  
  555B
- MD5
  
  49575bc6098914bcdd9171d4ab240107
- SHA1
  
  72396939155c815ae4df68267af32d8a4254739d
- SHA256
  
  a061b0aba3b5e2c9d3431c75b4068d09cdc238918c6b85782a3d391d7d95254f
- SHA512
  
  9baf6109ea314701bcb2dcd56e377dea1546bb9b10027555739367d3aaf7d65606e6882f13d401aecba5a6924653e757f52cc3b78f3ec07f530ab575c2a8264b
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  x86/gmp_scan1.phpt
- Size
  
  718B
- MD5
  
  56b93339e426cef573c73b246433ffeb
- SHA1
  
  fe9b6864d08c2339cd6091d1809e04d69224e8f1
- SHA256
  
  ff4899a29c016bca6ccf0bd2ab0476555c03a70090be3f90acd69e89fceba471
- SHA512
  
  6d6bd3cd9791d3d87835bb52d5db8aff6b5c603f5b348edca289e7b91ba3e148f2fe6bb04403a26fab78d25067c4a926fb8c007ea663bd49d7fab204864a1d5f
Score

3^/10

execution
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

lummadiscoverystealer

behavioral4

lummadiscoverystealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24