lumma | 9d3bff1e8d84def24d52982b30cdda2403fb5645ac7e1b6fa7143c3810bb664d

Sharing

Copy URL

Twitter E-mail

General

Target

Exloader.zip
Size

5.0MB
Sample

250109-z9w1rstmgr
MD5

d063d4ed1825677c49318334f4f5715d
SHA1

15bb70f974a021141104ad7fd624246f3d3f8518
SHA256

9d3bff1e8d84def24d52982b30cdda2403fb5645ac7e1b6fa7143c3810bb664d
SHA512

6327b1d8f271e14d385eaf593036cf4eec8b2d316187c34267078347908f90bfa8762ad4e7b5288e3c3f19134383f948c7feebfe0b63c7be4b55f01252f57ce9
SSDEEP

98304:FEIOf75mbmYkp4HnrQxOnC0/lWYMKKfmsSfjHut3dokFZulIRJh1QxqxOBiesK:uDNmCYkp4Hnr2x0/qZuVjOt3dhF8Sjhs

Score

10^/10

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Targets

- Target
  
  Exloader/7zxa.dll
- Size
  
  8.9MB
- MD5
  
  d1a017b1cd87305dfc1c4684b03168fc
- SHA1
  
  e86d686b32040b58a41ec421e2192a9fd14561d1
- SHA256
  
  fb164d4fb775f9550920d241d6f87acc398f3d1e3e569cae0ed267f57b11e02d
- SHA512
  
  3591158827391d26befec0ba0086f268a950c247510576f76edba5184fb52d67efef59fac0bef355a045a0b2a41960efc3656fac10aefa694415873a16898d98
- SSDEEP
  
  49152:bdpYR5C8WAv8ZPzxCwhHst6DHXhHdTPkhWQt9tPChinHB5T/qwrZxJ2YR/a:gC4tPoMHPqKJ2YA
Score

1^/10
behavioral1 behavioral2
- Target
  
  Exloader/Data/MimeKit.dll
- Size
  
  1.1MB
- MD5
  
  007c665a952587526f08fab9c84b0973
- SHA1
  
  e98a30dbd4421a0b06224eac66e5db3db052de49
- SHA256
  
  4bde60d1eb8f31844097e609db2874d138ba896d530a195572c19b7ae3014f95
- SHA512
  
  3ac4d8c322bb0b601e60c9068ad0a83e80543cc0233d16c277d430b015f74a685715dd37a62e13b69505935ab39f204d443615f372329b030bf98a4c89ebc1df
- SSDEEP
  
  12288:2ojHuG7qgJZ3W4vlnTZ6/hsHH6c/l6gSttAd7b52lD3qWh21UyKCzrZGG5uqgoz:2OzqAZG47lHH6c/l6gQ21XK+rAGE3oz
Score

1^/10
behavioral3 behavioral4
- Target
  
  Exloader/Data/System.Buffers.dll
- Size
  
  20KB
- MD5
  
  ecdfe8ede869d2ccc6bf99981ea96400
- SHA1
  
  2f410a0396bc148ed533ad49b6415fb58dd4d641
- SHA256
  
  accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
- SHA512
  
  5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
- SSDEEP
  
  384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
Score

1^/10
behavioral5 behavioral6
- Target
  
  Exloader/RarExt.dll
- Size
  
  2.4MB
- MD5
  
  ed48227dc6b9d864a143860aabf7a6a0
- SHA1
  
  e1006e30d3b46fc3653670b87c9288345442bdd6
- SHA256
  
  ca28db0c93c75fb5c010e1ec2a49f52bd823665db41a4d1a5ff35a0e9c3837a3
- SHA512
  
  d8b7375cad136a92c646f1e30a1777fab2ff3f1af83b514e5a98e759303b11ba9b688d62c7688faa99798cb84f7a68386dbc034ae446896e4be9892b00fb2ed2
- SSDEEP
  
  49152:rtmNUM5ex9duVqpy2suVH9BAzvWF4i1TxWLcOGTGS4gYe:rIJebHbAzv1Iz
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Exloader/exland_setup_v3.exe
- Size
  
  519KB
- MD5
  
  e65b9d796febfbf98d7887a2c50a11cc
- SHA1
  
  b3f0697389f8c58838db281f23f1740053e5416b
- SHA256
  
  12fe4165742c6d9020723d6abb9a1c10c3fa738e52ac353690780615af7f895c
- SHA512
  
  c09f291e374c5f2b001ec657881b3206a902a3eaa15564dc47be8d9acebe709f4b4ee1278e4f38d1ece31f4657f7b440444ffbb228b8fdf58d1dfcf13ad08aff
- SSDEEP
  
  12288:buYx6vQBHZi+4dD/aCXRYdAIo6QTcutL547S:bFsYBHZi+4dD/aChYdAIohTDL
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  Exloader/psmachine_arm.dll
- Size
  
  3.4MB
- MD5
  
  e10313cd4664ee3140ad740602f1d5e3
- SHA1
  
  dd49494c146239a22853a200594a51e4587394a2
- SHA256
  
  9b77d8833734862b7eef9dfdb4aaca70ae4e5fca86fa9f1cd559c4d7abe3f4e7
- SHA512
  
  814b30e79e6be26cd291e2a5e3e02d3a58d505f319afa6435497adcb4c17b419a24e383f7a6946a69c319be15581a913a22b676fc7516b8103744fc8e3e02dfc
- SSDEEP
  
  49152:U3cNOSm6Pyk7BrPRsKLhFxHzfydZp1CTeSo03/F:UiFhvzfQS9
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12