lumma | f1280ad6d45710afa6fa3f44f19e2390e8fcdc72b04ee3ac0eee739ed8d73ba6 | Triage

Sharing

General

Target

MultiHack v1.8.zip
Size

3.7MB
Sample

250110-284qbssmbw
MD5

21999c283e40354f9afa5b9648b77fc2
SHA1

4bc28b361ef2045e979ad1e4db462898e8a03dd2
SHA256

f1280ad6d45710afa6fa3f44f19e2390e8fcdc72b04ee3ac0eee739ed8d73ba6
SHA512

df6b2b643e985f7857f3709c146c157c3e17324881dcc3eab4488768ed49f53818eb4ad7b37e786b325c2eaa19169259691427f0ad4eb8ef774a091178ebf464
SSDEEP

49152:kRy9fGgwaV3FcPvP0+LGScC03k6WTAK+K78qDyJcHxLrP+koOQLXbuv3iO5yXL7x:8U+gwaVVcvJXI32+zUOqpnoOr/ixX6o

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://truculengisau.biz/api

https://spookycappy.biz/api

https://punishzement.biz/api

https://nuttyshop/api

https://nuttyshopr.biz/api

https://marketlumpe.biz/api

https://littlenotii.biz/api

https://grandiouseziu.biz/api

https://fraggielek.biz/api

Extracted

Family

lumma

C2

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://littlenotii.biz/api

https://marketlumpe.biz/api

https://nuttyshopr.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

https://truculengisau.biz/api

Targets

- Target
  
  MultiHack v1.8/Loader.exe
- Size
  
  345KB
- MD5
  
  af8c79e72618067111d02f743943d915
- SHA1
  
  1a570b532bd5ddef3a4ee9c6266dcaee59cfe3aa
- SHA256
  
  e36248278653c3a331c82d8bbf0faf9c96a07ed2f1ae694e239a6060c712a665
- SHA512
  
  bd2ac826f4fe7b4c25c7a136bf5c1ef031ea764e0a6e0ce337a605679207450a2d801478faa83500acc32f28236aa4651c80f841f2de8e1af181b2979595a2b3
- SSDEEP
  
  6144:dVQyGO2hf4TnxD6RZdxFaaa4H2vXvFNDxwY3El8o/WMcZIjKH2LlgH1rzArF:XQJhhf4Lodx0aai2PNNa4ElPwi+of
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  MultiHack v1.8/val.dll
- Size
  
  963KB
- MD5
  
  7c048c20a3646de663105007e98f820f
- SHA1
  
  b7a2c7bff356ba01ac255645cec2f4806eb3eb86
- SHA256
  
  70d5a4768ea33a2e0a2973794e83f60bddcd02cf779bdb4cbaa2187c12f50cd8
- SHA512
  
  2f672c1511dd9e1c7f8d1b2b4c562ee11dce9f5f68e9122f93fe93f1b6c5a5cf768152c580f6fa6367aae0c5b9a0a44bac17d4a9f6ede4af16ea557b6a8348e0
- SSDEEP
  
  12288:5hck3e3bUe6kzMYj2SnYXEZZmghIGDtrMlwHDD+9rJLjoenh7dKLhWU2wGlrkTce:5SiT51KAm3+iB8wOcxFlBfcit
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

behavioral3

behavioral4