lumma | d4d3992ed00504f3f0ee087687b655c9bd98cf2ad345a7c58a2654706192c873 | Triage

Sharing

General

Target

PortugalForum_nopump.exe
Size

1.0MB
Sample

250110-mm9bcssjgt
MD5

c944017da5de050c1538cd9d03658b3c
SHA1

4ced8ba4ee138c33940afdbec83e9b2c318ed9a7
SHA256

d4d3992ed00504f3f0ee087687b655c9bd98cf2ad345a7c58a2654706192c873
SHA512

bbac1e9d702464a24f9c418dcea2305815acbb1a5a249170fb380bb913c5e1e0f82d26a305fe06a869c973e750fee122cd7a223c7b402ab1f1239750a00531f0
SSDEEP

24576:Ga88iU++Wl4qyvCCGY9CaHl/JqLDRRBtspOJ2SUT:9TW+qyvCaJqfRR7f2F

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://ingreem-eilish.biz/api

Targets

- Target
  
  PortugalForum_nopump.exe
- Size
  
  1.0MB
- MD5
  
  c944017da5de050c1538cd9d03658b3c
- SHA1
  
  4ced8ba4ee138c33940afdbec83e9b2c318ed9a7
- SHA256
  
  d4d3992ed00504f3f0ee087687b655c9bd98cf2ad345a7c58a2654706192c873
- SHA512
  
  bbac1e9d702464a24f9c418dcea2305815acbb1a5a249170fb380bb913c5e1e0f82d26a305fe06a869c973e750fee122cd7a223c7b402ab1f1239750a00531f0
- SSDEEP
  
  24576:Ga88iU++Wl4qyvCCGY9CaHl/JqLDRRBtspOJ2SUT:9TW+qyvCaJqfRR7f2F
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer