lumma | 888ff4b4bd55849606b85e258c2baeb82833791f33c4036cb85775c5e490664b | Triage

Sharing

General

Target

file.exe
Size

866.2MB
Sample

250112-y16ceaznck
MD5

f60a44463804e2bb5426e6702c6ac7de
SHA1

c8db06d0a3d74f17b1f7c956aa3ece7ee8a134dc
SHA256

888ff4b4bd55849606b85e258c2baeb82833791f33c4036cb85775c5e490664b
SHA512

c172dc7e73a5fcc826ba3e48752c4d755079c3d053a68ba0652def9a1b5a9591cc7493bdc0d73057db2e332b070fdae9b115b3a762be230ac7079f5f21bfc127
SSDEEP

196608:U0o55K6f2aVCANr5cHrAABoYvCO+SWDyUAT:+5MQVhNr+LAABRT+SuFs

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://changeablemagent.cyou/api

Targets

- Target
  
  file.exe
- Size
  
  866.2MB
- MD5
  
  f60a44463804e2bb5426e6702c6ac7de
- SHA1
  
  c8db06d0a3d74f17b1f7c956aa3ece7ee8a134dc
- SHA256
  
  888ff4b4bd55849606b85e258c2baeb82833791f33c4036cb85775c5e490664b
- SHA512
  
  c172dc7e73a5fcc826ba3e48752c4d755079c3d053a68ba0652def9a1b5a9591cc7493bdc0d73057db2e332b070fdae9b115b3a762be230ac7079f5f21bfc127
- SSDEEP
  
  196608:U0o55K6f2aVCANr5cHrAABoYvCO+SWDyUAT:+5MQVhNr+LAABRT+SuFs
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer