General

  • Target

    6d9439c5afd2cb8deeb2bd71a93e7828.bin

  • Size

    1.2MB

  • Sample

    250112-btd81sypdw

  • MD5

    697b040efaf84446cd8c544409e221ef

  • SHA1

    75cce4a1b06c1e14a82c973310401a4acb5db881

  • SHA256

    1e770b23b8dec3c442aaf24009839cc68280d10d9379eb9b3a0e7aa329a915db

  • SHA512

    b531686f933af4203acf1f25c2258c2e051c806b04ddb8274e4391fc2f3578047b7dc376496acc362c23bd219d5b4cd9024f241b28f5eb44a159140278d79ea3

  • SSDEEP

    24576:b9XTUUJGxWyguoPZAJuNlUIRh1zCYmD926IDaJtx1exvn0LjnNdrFjjpBCgHLHt:bxzyguqAgR3zlK3fGxP0LjrppMKLHt

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://rhetoricakue.cyou/api

Targets

    • Target

      61c2f08d40d9d6d4a8bb4cc109ae7489c0dd263739898f90f67df75c414bea15.exe

    • Size

      70.0MB

    • MD5

      6d9439c5afd2cb8deeb2bd71a93e7828

    • SHA1

      392ffe0569edd73a17f33a95b1aa780aa03903c6

    • SHA256

      61c2f08d40d9d6d4a8bb4cc109ae7489c0dd263739898f90f67df75c414bea15

    • SHA512

      dde7c930427a85c18c21fcfb5d53c800b6bba2b79bf5058afd75b7119d419953194a0e32383ab3267b24823fcdd9129003f37058cad90518cee256460ba3f428

    • SSDEEP

      24576:Ytduzei3c4w+MTFpkqcsv2qBa7tsp0Lclw4BrlRHu:Sni3c4kHkNsv2H7SpOIrBrlRHu

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks