lumma | 785b5258ac133b98a0e8e51ffd037fa61af61192c186c80c633aa6d4f9a9d00b

General

Target

RayzMod_V3.zip
Size

1.6MB
Sample

250119-tyy34awkax
MD5

ef9e946e37da7e29d260289108b15c5a
SHA1

71b9d3788f74c3a66962931a52e03e156b44868d
SHA256

785b5258ac133b98a0e8e51ffd037fa61af61192c186c80c633aa6d4f9a9d00b
SHA512

795aa344cf36c9ff941a8142f0bf50f50a27eb413377c56ea75b152b67942085f9af6ce2fbc6c8e9c9bfc50e6b26ace5bd16585f0880ccaf2d0529ea370fd896
SSDEEP

49152:DoS6Zi65ZKEi++O3FYeOFut29MrHWjFBOaUX:Di5PRVY7FutrHW5BOak

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://demonstationfukewko.shop/api

https://liabilitynighstjsko.shop/api

https://alcojoldwograpciw.shop/api

https://incredibleextedwj.shop/api

https://shortsvelventysjo.shop/api

https://shatterbreathepsw.shop/api

https://tolerateilusidjukl.shop/api

https://productivelookewr.shop/api

Targets

- Target
  
  RayzMod V3/Extreme.Net.dll
- Size
  
  163KB
- MD5
  
  b501745a68ce3aeb82135264d3eab64e
- SHA1
  
  019aa9833669ea1135cf20c075d82e45806f1c3e
- SHA256
  
  b6ec30050b06fe9a133d6a3d3c8a2c69046fb9037a16c761a1cff8cc65d5c0b1
- SHA512
  
  d5e7f597622a67806a673fd16a91125ab21155648c65d00c4e4f2d0cddaa62015fa27adacd1b04990814abb7a2732a8bf4c8aa9971ccda498972327d2fad6576
- SSDEEP
  
  3072:Tveb5wQUp+tZWiO2Gg7EZ8StYmijRAaCeu9CMR:CuQUp+tZWiO2G4VStpijm
Score

1^/10
behavioral1 behavioral2
- Target
  
  RayzMod V3/RayzMod V3.exe
- Size
  
  2.3MB
- MD5
  
  ed2115c1b861e6cf53f71e1f1cd8e38d
- SHA1
  
  70ba2796950f95f0ffddaf35cfd3174fd764da78
- SHA256
  
  eb969f9065d25218d4ffc9f9613aa4bc96e13e970a3d53e26cc86cd10fe4675b
- SHA512
  
  319cec7633e77769fafdce8300809638039f70173db2d1eba8120b0d69054787086779bfa5b336eb2b3dc8d32e19d2b96b30643eaeeb187a69fcc7ac88363a7f
- SSDEEP
  
  49152:Z4mr7qCybpPo/kGRcNjkRSpbp3/CI5P76:Z7P3ybxocGRUjkEH5
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4