lumma | 76fe2a70d764e2dec6639ba33f9f6fa1e94b7be3108b1b08022ea768a158fd84 | Triage

Submit
Reports

Overview

overview

Static

static

1

Untitled design.png

windows11-21h2-x64

Sharing

General

Target

Untitled design.png
Size

183KB
Sample

250110-3njp4awkel
MD5

bd8092e24f639ed1fbaa87745db569d0
SHA1

15f7c9d155057a2660985157d464a733eea9c395
SHA256

76fe2a70d764e2dec6639ba33f9f6fa1e94b7be3108b1b08022ea768a158fd84
SHA512

1ddd6b9a8053a4e3033abb20617e999c9d4c7546123191ff4fc3813f0a7bb66d820fd8ec36de5c7234fd9f689b2def217550ba161966d9afed26586edf24ec73
SSDEEP

3072:OOJbFhztEHNFIwY8zTsP2Q83cTPxoDepexSGhDMKGNQJYW1lWQrTyBLwLL6:OitWiwY8zAPo+PxoDosDhgKGCSW1F6th

Score

10^/10

lumma defense_evasion discovery execution stealer

Static task

static1

Behavioral task

behavioral1

Sample

Untitled design.png

Resource

win11-20241007-en

lumma defense_evasion discovery execution stealer

windows11-21h2-x64

21 signatures

600 seconds

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://bashusolici.sbs/api

Targets

- Target
  
  Untitled design.png
- Size
  
  183KB
- MD5
  
  bd8092e24f639ed1fbaa87745db569d0
- SHA1
  
  15f7c9d155057a2660985157d464a733eea9c395
- SHA256
  
  76fe2a70d764e2dec6639ba33f9f6fa1e94b7be3108b1b08022ea768a158fd84
- SHA512
  
  1ddd6b9a8053a4e3033abb20617e999c9d4c7546123191ff4fc3813f0a7bb66d820fd8ec36de5c7234fd9f689b2def217550ba161966d9afed26586edf24ec73
- SSDEEP
  
  3072:OOJbFhztEHNFIwY8zTsP2Q83cTPxoDepexSGhDMKGNQJYW1lWQrTyBLwLL6:OitWiwY8zAPo+PxoDosDhgKGCSW1F6th
Score

10^/10

lumma defense_evasion discovery execution stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lummadefense_evasiondiscoveryexecutionstealer

© 2018-2025

Terms | Privacy