lumma | e8ebcf26067b8a4884bd93c2d60293df54d2c73607b3731bf2463092fca3c188 | Triage

Sharing

General

Target

2025-01-14_1fd1dd5df1efa7c80c8c4c37bcb9e43a_frostygoop_poet-rat_snatch
Size

6.7MB
Sample

250114-b5qfesvrfq
MD5

1fd1dd5df1efa7c80c8c4c37bcb9e43a
SHA1

b02fa9ea57979485a99fe1bc709514d7123f5095
SHA256

e8ebcf26067b8a4884bd93c2d60293df54d2c73607b3731bf2463092fca3c188
SHA512

57e9c2b6ddc7afa60d3ed1956886cdbbfee584b402fa9bd054ea83cb013d67eef67f6480de44291d152a53aaa180500a8a6b35a9f7bacdbc8404574555d69852
SSDEEP

49152:QA7pSsG2DPb7WNKrluGNtjIbOpP1tEzeikAtkINoyZbojL3bkR+q62kGFLr2w1bv:X7pSSzqNKhfNZEzSAtnWKhu+CdOJKv

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://sailstrangej.cyou/api

Targets

- Target
  
  2025-01-14_1fd1dd5df1efa7c80c8c4c37bcb9e43a_frostygoop_poet-rat_snatch
- Size
  
  6.7MB
- MD5
  
  1fd1dd5df1efa7c80c8c4c37bcb9e43a
- SHA1
  
  b02fa9ea57979485a99fe1bc709514d7123f5095
- SHA256
  
  e8ebcf26067b8a4884bd93c2d60293df54d2c73607b3731bf2463092fca3c188
- SHA512
  
  57e9c2b6ddc7afa60d3ed1956886cdbbfee584b402fa9bd054ea83cb013d67eef67f6480de44291d152a53aaa180500a8a6b35a9f7bacdbc8404574555d69852
- SSDEEP
  
  49152:QA7pSsG2DPb7WNKrluGNtjIbOpP1tEzeikAtkINoyZbojL3bkR+q62kGFLr2w1bv:X7pSSzqNKhfNZEzSAtnWKhu+CdOJKv
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer