lumma | 4154e02a0d922fefb72812b972808dbf6c3f0a9108f577b641c9a57cf8d8d342 | Triage

Sharing

General

Target

87.247.158.212.ps1
Size

525KB
Sample

250114-vj5g1awjfl
MD5

5259076d6fd45bf7ddbb866c169541db
SHA1

67549b5a010f40a004558b2c250829c9dc4d869b
SHA256

4154e02a0d922fefb72812b972808dbf6c3f0a9108f577b641c9a57cf8d8d342
SHA512

17faa2a63e9cc2e927f517ce34bdfc17e4d2229b9eb745dcbabd84c2800e853c4fa9fb0e2ef7420f1d259137dc37394fe0e7e7972520de79067837f7cff7cfc1
SSDEEP

6144:eVe/8jH/fkbaAiHnVExoyZYwOiY1LBSUkf2jFgdIVgMbJN+5PVu1Zhn6w/lAVigM:eFwoW2h7dVI42CoeUJ2z6m20VFqwg2

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Family

lumma

C2

https://buynostopliik.shop/api

Targets

- Target
  
  87.247.158.212.ps1
- Size
  
  525KB
- MD5
  
  5259076d6fd45bf7ddbb866c169541db
- SHA1
  
  67549b5a010f40a004558b2c250829c9dc4d869b
- SHA256
  
  4154e02a0d922fefb72812b972808dbf6c3f0a9108f577b641c9a57cf8d8d342
- SHA512
  
  17faa2a63e9cc2e927f517ce34bdfc17e4d2229b9eb745dcbabd84c2800e853c4fa9fb0e2ef7420f1d259137dc37394fe0e7e7972520de79067837f7cff7cfc1
- SSDEEP
  
  6144:eVe/8jH/fkbaAiHnVExoyZYwOiY1LBSUkf2jFgdIVgMbJN+5PVu1Zhn6w/lAVigM:eFwoW2h7dVI42CoeUJ2z6m20VFqwg2
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoveryexecutionstealer