lumma | 37ef1e2cd2e1594572abad74d88463ef61179a0e8779b889c3c4364325b2f7c3 | Triage

Sharing

General

Target

2025-01-19_4693bb147035b175de0478a0d3e90b9b_frostygoop_poet-rat_snatch
Size

6.3MB
Sample

250119-cyq9tatjhp
MD5

4693bb147035b175de0478a0d3e90b9b
SHA1

00fdb48d88da37beb59013e4c42ed8cc8eb9cb0e
SHA256

37ef1e2cd2e1594572abad74d88463ef61179a0e8779b889c3c4364325b2f7c3
SHA512

4ec514aa399a799c09dc0cbeb3270a4d2b0d1475705ad7d1c15714aa6803ca154536313b3e8928759ae1c86caf633878e0fef4ee25b88d10cc73417bc891d3c3
SSDEEP

49152:ghZhvrCThcGj8J2ILpz8IyMBEGKDEYTEMAQNvbmi5saDCvGpDMTou4ku9C2fXCmw:kHrCuZ2IZDylEavqiNpDMToV9pflN

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://clammyrobiny.cyou/api

Targets

- Target
  
  2025-01-19_4693bb147035b175de0478a0d3e90b9b_frostygoop_poet-rat_snatch
- Size
  
  6.3MB
- MD5
  
  4693bb147035b175de0478a0d3e90b9b
- SHA1
  
  00fdb48d88da37beb59013e4c42ed8cc8eb9cb0e
- SHA256
  
  37ef1e2cd2e1594572abad74d88463ef61179a0e8779b889c3c4364325b2f7c3
- SHA512
  
  4ec514aa399a799c09dc0cbeb3270a4d2b0d1475705ad7d1c15714aa6803ca154536313b3e8928759ae1c86caf633878e0fef4ee25b88d10cc73417bc891d3c3
- SSDEEP
  
  49152:ghZhvrCThcGj8J2ILpz8IyMBEGKDEYTEMAQNvbmi5saDCvGpDMTou4ku9C2fXCmw:kHrCuZ2IZDylEavqiNpDMToV9pflN
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer