lumma | e16d78ab53bb526e5a2012354c27b973f6553fb9098ae2f06a6aaad077b92135 | Triage

Sharing

General

Target

e16d78ab53bb526e5a2012354c27b973f6553fb9098ae2f06a6aaad077b92135
Size

1.3MB
Sample

250113-nvp35atjcr
MD5

82805a002c55898c9675b75a45c220ae
SHA1

13805462070a9ca82e6910e764c6733ce5a20571
SHA256

e16d78ab53bb526e5a2012354c27b973f6553fb9098ae2f06a6aaad077b92135
SHA512

652072dab904886ecec45641fa5cbe79e434f620ea215b03dde453af449d5bd1d78e50278f00b9c7b64fd82bb539fbeeee70cca762038c3a8f36a3e75e4f627c
SSDEEP

24576:uZnUV/+JoEMvvg71CcErlBf9xuEpmflbrF84v7DEXor3iaRc:uyV/YWHjHruptXVcQS

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppywook.shop/api

Targets

- Target
  
  e16d78ab53bb526e5a2012354c27b973f6553fb9098ae2f06a6aaad077b92135
- Size
  
  1.3MB
- MD5
  
  82805a002c55898c9675b75a45c220ae
- SHA1
  
  13805462070a9ca82e6910e764c6733ce5a20571
- SHA256
  
  e16d78ab53bb526e5a2012354c27b973f6553fb9098ae2f06a6aaad077b92135
- SHA512
  
  652072dab904886ecec45641fa5cbe79e434f620ea215b03dde453af449d5bd1d78e50278f00b9c7b64fd82bb539fbeeee70cca762038c3a8f36a3e75e4f627c
- SSDEEP
  
  24576:uZnUV/+JoEMvvg71CcErlBf9xuEpmflbrF84v7DEXor3iaRc:uyV/YWHjHruptXVcQS
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer