lumma | caf35c1c37e5639b184e09ca043271a427925c2481a34cc6aaeed225909d55ad | Triage

Sharing

General

Target

Aura.zip
Size

55.6MB
Sample

250110-2dv5pstkcr
MD5

246a8013f9599338b17db8b13aa91ca5
SHA1

a325552e79253dbf5445c9769bce86848acf0682
SHA256

caf35c1c37e5639b184e09ca043271a427925c2481a34cc6aaeed225909d55ad
SHA512

e4b47a0559464ab14d6ebdfcb44baf0df610e57ae58467d532bdf11348c1d3624e19785c67dec97a9263c54041bbf78dcd971fbceca838f41898aa4291c89638
SSDEEP

1572864:bl/OTRb/yq7nuJmNKatPPYdh9ym/I+9j8uIbREQd:xob/ysnuIMatPPY4+NYEW

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://whisperusz.biz/api

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://littlenotii.biz/api

https://marketlumpe.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

Targets

- Target
  
  Aura.zip
- Size
  
  55.6MB
- MD5
  
  246a8013f9599338b17db8b13aa91ca5
- SHA1
  
  a325552e79253dbf5445c9769bce86848acf0682
- SHA256
  
  caf35c1c37e5639b184e09ca043271a427925c2481a34cc6aaeed225909d55ad
- SHA512
  
  e4b47a0559464ab14d6ebdfcb44baf0df610e57ae58467d532bdf11348c1d3624e19785c67dec97a9263c54041bbf78dcd971fbceca838f41898aa4291c89638
- SSDEEP
  
  1572864:bl/OTRb/yq7nuJmNKatPPYdh9ym/I+9j8uIbREQd:xob/ysnuIMatPPY4+NYEW
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2