lumma | 413c17f73a0831d6ae209e491856a66e07e8c0af70e7e06f68a7b7570ccb3a95 | Triage

Resubmissions

14-01-2025 02:39

250114-c5d8tstrds 1

14-01-2025 02:26

250114-cwtxxswpcn 10

Sharing

General

Target

413c17f73a0831d6ae209e491856a66e07e8c0af70e7e06f68a7b7570ccb3a95.msi
Size

16.1MB
Sample

250114-cwtxxswpcn
MD5

18577f68754f3e2703cdca2df9ba65ff
SHA1

8d8846470510b1b6f81c0725975c7c3589568bb3
SHA256

413c17f73a0831d6ae209e491856a66e07e8c0af70e7e06f68a7b7570ccb3a95
SHA512

eb238a258b0dfe40716c2a8bc847951abbac4e7224ecefcb13be559a63cc39e6645e406764991cb60b87aa082196b890ff78c3c25c659b851eb02c4064e8eaec
SSDEEP

393216:LPF3zv8Zrqb+CUuubX26jytnTPjnXcBv9k2VvOTp:JzwqNUHytvnMd9Z

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

Targets

- Target
  
  413c17f73a0831d6ae209e491856a66e07e8c0af70e7e06f68a7b7570ccb3a95.msi
- Size
  
  16.1MB
- MD5
  
  18577f68754f3e2703cdca2df9ba65ff
- SHA1
  
  8d8846470510b1b6f81c0725975c7c3589568bb3
- SHA256
  
  413c17f73a0831d6ae209e491856a66e07e8c0af70e7e06f68a7b7570ccb3a95
- SHA512
  
  eb238a258b0dfe40716c2a8bc847951abbac4e7224ecefcb13be559a63cc39e6645e406764991cb60b87aa082196b890ff78c3c25c659b851eb02c4064e8eaec
- SSDEEP
  
  393216:LPF3zv8Zrqb+CUuubX26jytnTPjnXcBv9k2VvOTp:JzwqNUHytvnMd9Z
Score

10^/10

lumma discovery persistence privilege_escalation stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverypersistenceprivilege_escalationstealer

behavioral2

lummadiscoverypersistenceprivilege_escalationstealer