lumma | ca0cc1b3d32ba24cb7a8689f8ccabf8e3afcf709e4ed3ac6d87a89b7a28376ef | Triage

Sharing

General

Target

2025-01-12_69414292b01e283be9ac0d70467dd0fd_frostygoop_poet-rat_snatch
Size

8.3MB
Sample

250112-2c59aaslgz
MD5

69414292b01e283be9ac0d70467dd0fd
SHA1

f59c79d18c51a4c9ba66416a2ee5e11d36c09096
SHA256

ca0cc1b3d32ba24cb7a8689f8ccabf8e3afcf709e4ed3ac6d87a89b7a28376ef
SHA512

45998236b0cab153636d8f105afbe89e1760a6b496add10a97053b5f7d42ccad3ef69c46c4ea675e452db509ffa6c3bc71dc93aa1a42ee9987026ae0de1473e6
SSDEEP

98304:LZr2lIQGhEsCfoFyBlSeemt+TyViqoLb9ZzSUNzf+MhxEr71c:t62QQyBlSOwTyMpe

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://owerinternal.sbs/api

Targets

- Target
  
  2025-01-12_69414292b01e283be9ac0d70467dd0fd_frostygoop_poet-rat_snatch
- Size
  
  8.3MB
- MD5
  
  69414292b01e283be9ac0d70467dd0fd
- SHA1
  
  f59c79d18c51a4c9ba66416a2ee5e11d36c09096
- SHA256
  
  ca0cc1b3d32ba24cb7a8689f8ccabf8e3afcf709e4ed3ac6d87a89b7a28376ef
- SHA512
  
  45998236b0cab153636d8f105afbe89e1760a6b496add10a97053b5f7d42ccad3ef69c46c4ea675e452db509ffa6c3bc71dc93aa1a42ee9987026ae0de1473e6
- SSDEEP
  
  98304:LZr2lIQGhEsCfoFyBlSeemt+TyViqoLb9ZzSUNzf+MhxEr71c:t62QQyBlSOwTyMpe
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer