lumma | 3fbe777c0d835c2cfe1cc8d1ef588766ddb30ba76cfd1e7efd7d54e82f0143f7 | Triage

Sharing

General

Target

lumma.exe
Size

1.4MB
Sample

250117-td9zvsvqdk
MD5

2cc7523c83caacc946f619d64eefb699
SHA1

2a9ef8d8affe78238d09b2cac61efee00b3caa5a
SHA256

3fbe777c0d835c2cfe1cc8d1ef588766ddb30ba76cfd1e7efd7d54e82f0143f7
SHA512

05f835a4286c283c487d9bb43977575b93eb9d287639bf0476572b4060bffe652c386522b63404b921f2f98ec8a8eaf9b193f5f01021ab157392925a982ac567
SSDEEP

24576:BOSQiMM2XpMuh9vDkZj2WL9HQfTLdMBOBnvDN6aWpc4yulszm+ZIn6Jy10cZJ:8Sr2XpMWlh/bLdM0lhYpAvzmpky10kJ

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://steelysacckz.shop/api

Targets

- Target
  
  lumma.exe
- Size
  
  1.4MB
- MD5
  
  2cc7523c83caacc946f619d64eefb699
- SHA1
  
  2a9ef8d8affe78238d09b2cac61efee00b3caa5a
- SHA256
  
  3fbe777c0d835c2cfe1cc8d1ef588766ddb30ba76cfd1e7efd7d54e82f0143f7
- SHA512
  
  05f835a4286c283c487d9bb43977575b93eb9d287639bf0476572b4060bffe652c386522b63404b921f2f98ec8a8eaf9b193f5f01021ab157392925a982ac567
- SSDEEP
  
  24576:BOSQiMM2XpMuh9vDkZj2WL9HQfTLdMBOBnvDN6aWpc4yulszm+ZIn6Jy10cZJ:8Sr2XpMWlh/bLdM0lhYpAvzmpky10kJ
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer