lumma | 8d6745b6cd24f23b24aa0f7f310d3d4b1e36621fd60a38c795a8a14c2473f189

General

Target

stsvc.iso
Size

15.9MB
Sample

250113-jftqjsvqdm
MD5

77f4448ca23d34464b9d5ddaa64a2aa1
SHA1

52bede15319bf953f90b58273e7d569d0eb97fd2
SHA256

8d6745b6cd24f23b24aa0f7f310d3d4b1e36621fd60a38c795a8a14c2473f189
SHA512

9c33b4069699c8f989e7931a58049281eb144bea0848fa59eacf4bb50ba0799e5af42ac9b99e091ee772d8eb97aaa50286ecd3b4996d2fce4685035bf4b42c61
SSDEEP

393216:w8oy3mBlO804aw9tFhJMyUw/SZSRghMsppopHe:wkneacbfUw/tRghMs/o

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Targets

- Target
  
  stsvc.exe
- Size
  
  15.6MB
- MD5
  
  54c9491e0087766f83c6e67cbd568f2b
- SHA1
  
  f2e8823382c00a1c0ff3c44e727bbe7ba1a5eab4
- SHA256
  
  80995c3d41b7ab5178e77baeea0fa6fde3429a439c553e4a00fc1eef763cc415
- SHA512
  
  275bef6c614b4e88a5fd9a350987b74e5b8bb6c17b155baa5204b3479d258ac6e9abebe87d1ec82272f71262334dc11b77c160fa047416adbd97a69dd774e544
- SSDEEP
  
  393216:k8oy3mBlO804aw9tFhJMyUw/SZSRghMsppopHe:kkneacbfUw/tRghMs/o
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2