lumma | fa9cf901bd2c9359d2efc09f8adb1baa12ae56b841ba06dd057cefd58c778316

Resubmissions

11-01-2025 14:25

250111-rq9hra1mds 10

11-01-2025 14:22

11-01-2025 14:21

11-01-2025 14:20

11-01-2025 14:15

Sharing

Copy URL

Twitter E-mail

General

Target

toto.txt
Size

499B
Sample

250111-rnmk7stmcm
MD5

a54ada657efbbe1395598aae1bdac1f9
SHA1

a7887658eebba20bd97e43010ac5ffd5b972a273
SHA256

fa9cf901bd2c9359d2efc09f8adb1baa12ae56b841ba06dd057cefd58c778316
SHA512

f78a115a61450bd156959371572730c7c6a262907ae6dfc33fbafe77660cc5c5db0e9ca2795750f069efdce8d5f0f033d61aed50097fe89e94d59e3c89e1184b

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://human-cldf.com/gamdos.zip

Extracted

Family

lumma

https://shitwavvez.cyou/api

Targets

- Target
  
  toto.txt
- Size
  
  499B
- MD5
  
  a54ada657efbbe1395598aae1bdac1f9
- SHA1
  
  a7887658eebba20bd97e43010ac5ffd5b972a273
- SHA256
  
  fa9cf901bd2c9359d2efc09f8adb1baa12ae56b841ba06dd057cefd58c778316
- SHA512
  
  f78a115a61450bd156959371572730c7c6a262907ae6dfc33fbafe77660cc5c5db0e9ca2795750f069efdce8d5f0f033d61aed50097fe89e94d59e3c89e1184b
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2