lumma | 34919eb3375d7137817c42914e712baef9a239d6be80ed7a7e58e5b2b1874a29 | Triage

Sharing

General

Target

cryptic_executor.7z
Size

17.4MB
Sample

250110-sxht2sykcz
MD5

51d89c40c01b2837263657140aa2d8c9
SHA1

7ad04309646a00121e2e761c3258f345a9992853
SHA256

34919eb3375d7137817c42914e712baef9a239d6be80ed7a7e58e5b2b1874a29
SHA512

e593e5817cbf82073d192edc4a033c3729b9d7407d1f6a554d6542b97105fa3bd8cf2dc2c94db10d429134a85c326ed826faa7a0ce1a8b0d977d483535379192
SSDEEP

393216:iGenzqGCz38SYTKLjJHEHKYl1dkVNAC5sV38HLBnTA5CZknyi0rK:pKO1FYII1dkVN9uVMRTAs2IG

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://openlievenj.sbs/api

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://littlenotii.biz/api

https://marketlumpe.biz/api

https://nuttyshopr.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

https://truculengisau.biz/api

Targets

- Target
  
  cryptic_executor.7z
- Size
  
  17.4MB
- MD5
  
  51d89c40c01b2837263657140aa2d8c9
- SHA1
  
  7ad04309646a00121e2e761c3258f345a9992853
- SHA256
  
  34919eb3375d7137817c42914e712baef9a239d6be80ed7a7e58e5b2b1874a29
- SHA512
  
  e593e5817cbf82073d192edc4a033c3729b9d7407d1f6a554d6542b97105fa3bd8cf2dc2c94db10d429134a85c326ed826faa7a0ce1a8b0d977d483535379192
- SSDEEP
  
  393216:iGenzqGCz38SYTKLjJHEHKYl1dkVNAC5sV38HLBnTA5CZknyi0rK:pKO1FYII1dkVN9uVMRTAs2IG
Score

1^/10
behavioral1 behavioral2
- Target
  
  appFile.exe
- Size
  
  849.2MB
- MD5
  
  fd6d84c95104e45deedda3af25de54ab
- SHA1
  
  60dfd364afb0214ffc5ed3efda4d45a72c919fea
- SHA256
  
  2f1f7a168292f037c5fe36712ddff61d85b6b02515302bafd1d7d563fec2ad67
- SHA512
  
  340294300bfcd171ce3f0cf954ffcfecf50d7b82e8700348893d30a5be7c8d9c4db1f2770af7c1c7ef378d3551302cdb92833c07f065b9aabcf2337c34044266
- SSDEEP
  
  393216:mRpKL7pt6UTUxOtUq8+OHELsFWEjjmAbwoNKZ+XsBXNS35Vs7e07nbX2sAYoI:gKPuFx0URr/K+X134nby
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

lummadiscoverystealer

behavioral4