lumma | 13d366678ecc0f497d38614b0f29d387e013b8b36bea5aafeb70b7dcc0f35d8c | Triage

Sharing

General

Target

installer_1.05_37.7.exe
Size

1.1MB
Sample

250118-31x39azmap
MD5

f32e38ba72ea905c85f334c46e29a395
SHA1

7ac493eaaa906da24168edc015ea8223563c7e09
SHA256

13d366678ecc0f497d38614b0f29d387e013b8b36bea5aafeb70b7dcc0f35d8c
SHA512

7e1cdf166f1798444a4cff5d47c0c2dcc402ef0d1a34be705222457c355c268cca60caf988be2bfb02066744053b02d6fae0ff977a07f145942d57587d31986b
SSDEEP

24576:l8OBhWF0n7c7GtMTNWkMxOFfcpdvcPi47BkleE/2SCYT41nNzJnVJ6v5kHb7Tb7j:VT72GeTU80pZcq47JE+lzNzJ6S

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://craveinjuur.shop/api

Targets

- Target
  
  installer_1.05_37.7.exe
- Size
  
  1.1MB
- MD5
  
  f32e38ba72ea905c85f334c46e29a395
- SHA1
  
  7ac493eaaa906da24168edc015ea8223563c7e09
- SHA256
  
  13d366678ecc0f497d38614b0f29d387e013b8b36bea5aafeb70b7dcc0f35d8c
- SHA512
  
  7e1cdf166f1798444a4cff5d47c0c2dcc402ef0d1a34be705222457c355c268cca60caf988be2bfb02066744053b02d6fae0ff977a07f145942d57587d31986b
- SSDEEP
  
  24576:l8OBhWF0n7c7GtMTNWkMxOFfcpdvcPi47BkleE/2SCYT41nNzJnVJ6v5kHb7Tb7j:VT72GeTU80pZcq47JE+lzNzJ6S
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer