lumma | 335f697c3be8cac622f3ebcd5107b0bad45ac1de22f7c06fffd334ebffe22f7a | Triage

Sharing

General

Target

2025-01-16_60bb08876657fa77f5ff832c114f6464_frostygoop_poet-rat_snatch
Size

5.4MB
Sample

250116-b8g88awnhm
MD5

60bb08876657fa77f5ff832c114f6464
SHA1

2f8a1ee884425d7576e50a6a186bc44a9d22efba
SHA256

335f697c3be8cac622f3ebcd5107b0bad45ac1de22f7c06fffd334ebffe22f7a
SHA512

949ab1b4843a50dc17cb7fd1e25df8801ccbc4c756a92f06f72add76441763eea9ccfc02e03eba5d6eb22f8008aeb281bbc182283cfda12ef81169dcf97210af
SSDEEP

98304:ZrXpmjkwDeUdgOps8IlXP4YNqzruaI6HMaJTtGb:xIYOClf5aI6HMaJTtGb

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://jokeprvffat.cyou/api

Targets

- Target
  
  2025-01-16_60bb08876657fa77f5ff832c114f6464_frostygoop_poet-rat_snatch
- Size
  
  5.4MB
- MD5
  
  60bb08876657fa77f5ff832c114f6464
- SHA1
  
  2f8a1ee884425d7576e50a6a186bc44a9d22efba
- SHA256
  
  335f697c3be8cac622f3ebcd5107b0bad45ac1de22f7c06fffd334ebffe22f7a
- SHA512
  
  949ab1b4843a50dc17cb7fd1e25df8801ccbc4c756a92f06f72add76441763eea9ccfc02e03eba5d6eb22f8008aeb281bbc182283cfda12ef81169dcf97210af
- SSDEEP
  
  98304:ZrXpmjkwDeUdgOps8IlXP4YNqzruaI6HMaJTtGb:xIYOClf5aI6HMaJTtGb
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer