lumma | 1fb402868f12534dc3b8831b5d0b2eef484756079a0b5bd65befed716b9fda69 | Triage

Sharing

General

Target

2025-01-09_b874c330b2d5405ec75c422053198a88_frostygoop_poet-rat_snatch
Size

6.2MB
Sample

250109-xhdzrsxnby
MD5

b874c330b2d5405ec75c422053198a88
SHA1

5f37baac1e873bf97746e9683c9ad62c5682d236
SHA256

1fb402868f12534dc3b8831b5d0b2eef484756079a0b5bd65befed716b9fda69
SHA512

462f6aec8a3769371e7b1ee3a4700e22187ccb00533d7cc877ed5b9577219ccbec6570b9407446157533d71b32c973604c8ce7c0c3d39b7cf6c4a7cf339015e3
SSDEEP

49152:zSJ1vjmsdptxef2FajrvbpBJ1CKUzOColPrznlRSraPdLs+LXK25JZEwCJHoo9Ue:zSLaYXxtcrvTvUynPmwuHn9Uq+3R

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://flockanxiius.sbs/api

Targets

- Target
  
  2025-01-09_b874c330b2d5405ec75c422053198a88_frostygoop_poet-rat_snatch
- Size
  
  6.2MB
- MD5
  
  b874c330b2d5405ec75c422053198a88
- SHA1
  
  5f37baac1e873bf97746e9683c9ad62c5682d236
- SHA256
  
  1fb402868f12534dc3b8831b5d0b2eef484756079a0b5bd65befed716b9fda69
- SHA512
  
  462f6aec8a3769371e7b1ee3a4700e22187ccb00533d7cc877ed5b9577219ccbec6570b9407446157533d71b32c973604c8ce7c0c3d39b7cf6c4a7cf339015e3
- SSDEEP
  
  49152:zSJ1vjmsdptxef2FajrvbpBJ1CKUzOColPrznlRSraPdLs+LXK25JZEwCJHoo9Ue:zSLaYXxtcrvTvUynPmwuHn9Uq+3R
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer