lumma | ae0db4dee13f262b02514a5e72923c896023417e4d7a61accf102b3b2cec98ea | Triage

Sharing

General

Target

Set-up-edit.exe
Size

2.9MB
Sample

250117-3ew9tsxjem
MD5

811ccb4cedcdab35c288bec22e32798c
SHA1

4790da91cd98b653f5f7a63d6210941721b1018f
SHA256

ae0db4dee13f262b02514a5e72923c896023417e4d7a61accf102b3b2cec98ea
SHA512

3ff65251a3f6ac1e0f244c65e75605f8f1972f7e331d13e52ad30df6bc3a369f1f638bdeb2ca31f52021eff1271cf868c44472ba7dbb481033438b2b4fcc6dc4
SSDEEP

49152:Ugb/hT+/+pb1kgY3kWxWtWkbHVRv08IV38/3KseT2RNeWOuRQ3Dz7ikNl9Gvi:VDo/4pW3kOWVb1Rv08IVkKvkeIQHmk/1

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://joinresperct.shop/api

Targets

- Target
  
  Set-up-edit.exe
- Size
  
  2.9MB
- MD5
  
  811ccb4cedcdab35c288bec22e32798c
- SHA1
  
  4790da91cd98b653f5f7a63d6210941721b1018f
- SHA256
  
  ae0db4dee13f262b02514a5e72923c896023417e4d7a61accf102b3b2cec98ea
- SHA512
  
  3ff65251a3f6ac1e0f244c65e75605f8f1972f7e331d13e52ad30df6bc3a369f1f638bdeb2ca31f52021eff1271cf868c44472ba7dbb481033438b2b4fcc6dc4
- SSDEEP
  
  49152:Ugb/hT+/+pb1kgY3kWxWtWkbHVRv08IV38/3KseT2RNeWOuRQ3Dz7ikNl9Gvi:VDo/4pW3kOWVb1Rv08IVkKvkeIQHmk/1
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer