lumma | c4d20704a829164ce29a889159964ce47eeeefa8b96d07e6ea4aca0f2a1be7e9 | Triage

Sharing

General

Target

3.ps1
Size

502KB
Sample

250117-j6958aykbs
MD5

8760f349093248f3bdccf42dd3ae0e7b
SHA1

5f62db5603b5f5b94c60df316e6e4b4f7496c3a0
SHA256

c4d20704a829164ce29a889159964ce47eeeefa8b96d07e6ea4aca0f2a1be7e9
SHA512

1adf351eea29333153fdc06fd2063233ce202fa1e0025891156d4ce94eaa717139d7a8cf78a5a1c8ac8ebc719af2cb6d5188c4f1bc5d556ec008154752d049e9
SSDEEP

6144:U2s1zAOok9Y3sOGnuerPkwo67g3Lk7pyFV50GuGdtqphBddqyIFr2JdyPrnxiNHM:Ul1fOXZQuAbw6465ajImdALqpvfsifPl

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Family

lumma

Targets

- Target
  
  3.ps1
- Size
  
  502KB
- MD5
  
  8760f349093248f3bdccf42dd3ae0e7b
- SHA1
  
  5f62db5603b5f5b94c60df316e6e4b4f7496c3a0
- SHA256
  
  c4d20704a829164ce29a889159964ce47eeeefa8b96d07e6ea4aca0f2a1be7e9
- SHA512
  
  1adf351eea29333153fdc06fd2063233ce202fa1e0025891156d4ce94eaa717139d7a8cf78a5a1c8ac8ebc719af2cb6d5188c4f1bc5d556ec008154752d049e9
- SSDEEP
  
  6144:U2s1zAOok9Y3sOGnuerPkwo67g3Lk7pyFV50GuGdtqphBddqyIFr2JdyPrnxiNHM:Ul1fOXZQuAbw6465ajImdALqpvfsifPl
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoveryexecutionstealer