lumma | da11b443c20bc75de8a871f719d2d6f9a7a67b6139c5aef55c8ef5c26456c115 | Triage

Sharing

General

Target

da11b443c20bc75de8a871f719d2d6f9a7a67b6139c5aef55c8ef5c26456c115.zip
Size

13.0MB
Sample

250118-fnrdlsvkan
MD5

04f8067bd007bbd78325582a4c1a6d22
SHA1

081f85c30897b4e39e59bfb8842b17525b62a894
SHA256

da11b443c20bc75de8a871f719d2d6f9a7a67b6139c5aef55c8ef5c26456c115
SHA512

d5a876a8c904e1c7345ccc507baed415a43f400ff1ffc94b13daab3f547f857f8c40af35ffbd6f7764a19705aa210fa33abf04550c5e6f845b5fa61860cdfe96
SSDEEP

393216:OAgmyHiWknVqS8T4YedoiyDcLYT1Hf/jcyiV:O9HiWEYSMedoiA6f

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://whitebeauti.shop/api

Targets

- Target
  
  wic reset utility crack v 3.01.rar.exe
- Size
  
  774.2MB
- MD5
  
  474808aba311d59c66b39a95b04a3a30
- SHA1
  
  14b03ac26c1a599d1726428f789c0a0bbdda95b7
- SHA256
  
  13082a9d6266efdfd29e460b59baa67b1b4ac64871e8d3e23030c70ee701b6f0
- SHA512
  
  d03d3b1e50e0195af077e16b812adf4d5478f8419dc420862f4923577b1da182eae7ebf1979970d550c7e5756695ef0be63f4ae98dd0287c23f227a982392489
- SSDEEP
  
  393216:r4/CQiAu1HgD5Ra28kw43Jt1UP8USQVRrf:8/yHgf247Kf
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer