lumma | 14dc380896e6d3631ced48498b0d552c9b0585764fdd666bf26bb7d8fca15eaf | Triage

Sharing

General

Target

19012025_1656_package1.zip
Size

9.9MB
Sample

250119-vf35rsxjax
MD5

88cf3f1e3bcfdb42f19e57e9356abf82
SHA1

04d0d2c58718d9f57a09db1daa7e3687ecad84e1
SHA256

14dc380896e6d3631ced48498b0d552c9b0585764fdd666bf26bb7d8fca15eaf
SHA512

1ebfd8f38b0368863a6c4725cee05bb627d7e4dda28da577f525ef1dd6683d492875f3252704dba7c9a0f62716c307998bfcfd5cd2053b6355cf5a3c0f2ba2db
SSDEEP

196608:+eX6iPyfqs0UQvluVYJ03HEF0EAlL5Cd2pZuW3aNMMJMOVYIl5KlPsMKu+laoMXc:BhP3UrViIXjCCuWgMMOtkDuEafcR

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://sensatiogener.sbs/api

Targets

- Target
  
  SbieCtrl.exe
- Size
  
  3.2MB
- MD5
  
  b258355c6111fc69e4fba1c4c9c7ad44
- SHA1
  
  4fc0ad0b5246ef80e94929104483d8264c673481
- SHA256
  
  a1dfdadb5d8aa92efb1edb2ff281f205d14d10526b1b70272af121a5ed64f1fa
- SHA512
  
  d586baa499a27772631972ba5b5afa6ae7b0b94709c04e67b9b5a15ca7fd73788d0919e09be3873ab1956449dfbbc27eccbff4b506d61012f3ce2f162392f0a2
- SSDEEP
  
  49152:RVun9dkI2fZKTRQOXjuOvDApXkFDbHMnE++X3mDWRPhm3K9IMrPTfRmsHxQK2GWH:RufvCcuE++hhm3grNmsRQKW0jijZ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  SbieDll.dll
- Size
  
  856KB
- MD5
  
  cd327c365959c281d561ff224ebb3fab
- SHA1
  
  1528b10d3d04e95d722bc9443c20522dd4e89e0e
- SHA256
  
  dc4f7b5aeb5b15a72ea230112986db9b2f8ef6c970fb74930cdd2188a4397e1b
- SHA512
  
  ec8c4be844ba0f50f070d1e533c165d30c3a90b38b837e58c4ed966a9e9cc4fd41ece013458fcf7c3d3c244024f8b4cb213d39f0819210334430d39a4452c955
- SSDEEP
  
  6144:7OIuljOCjnYROPXP1QvGkZbCXVfrJHsX9Bxqy8OfmpT5+aq02WSawHEzDu4n9cuc:pGaCLYROPP1OGZzHGBzJfsH2Wwcgl
Score

1^/10
behavioral3 behavioral4
- Target
  
  medina.rtf
- Size
  
  37KB
- MD5
  
  d125cedbbfe725a94948561401f0a555
- SHA1
  
  3b2484f8600f42ebbeb89093b8efeab4cb173c37
- SHA256
  
  c10719865726f362838d5ac424bfb83679e9c8e27743894faeccc5c2d55dc07f
- SHA512
  
  18280f1741ff0f3d93d7f476974d736fdf67678fd0e53b277459203679e43fdea48423e4c43122ecc7cf605ca0a197788bb446753f52c24820b1fc1870d9fef5
- SSDEEP
  
  768:Vec0FGaL4s1gnoQcVn03vM1dKu+olkjW4AcYihDTclVTEK5:EGaL4s1gJ3v6KuJTc9h+L
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  steamerrorreporter.exe
- Size
  
  560KB
- MD5
  
  dc1681b98049f1df46dd10d7f4c26045
- SHA1
  
  4c7f5cf7c00b6139979f8aa41f46979666369224
- SHA256
  
  594f9853124e0a81deeaaecb8ec3d192169e7393778214ef6d8f6460450ef080
- SHA512
  
  c9a2086326acbab8aba801da0d8bd2aa06951ec7fd7f32a3150f9521498c0b6711552695fbf9d0de7668503630c508bcd68e1d715796ef34f9945035da3fe1ed
- SSDEEP
  
  6144:mOzBfFojwX0v4KU9DJZ10Bwr/RvTuZjOULXAO99cER0u+GIIIIIIIhIIIIIIIIIZ:mONFX0v4KU9DJZ16wr/MHVm5a0dw/D
Score

5^/10

discovery
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  tier0_s.dll
- Size
  
  341KB
- MD5
  
  884013332bf332e4dd8cbf0109a8cfeb
- SHA1
  
  c01789d661d465ca29d20174d8f5d29afb1fcffa
- SHA256
  
  8ed104f6d7a50f95d515005bf6bd5569cd2dc0107119aa3d91e21dd7ba777e98
- SHA512
  
  ea18f416b1295edcfc197c685d56030246097bf95ffffa46f13a16753d05d95a1adb83b5ba0669eaa1049856ea2486ca0fc49507df7d41572de80701e9852f64
- SSDEEP
  
  6144:DO5PGFHiJNurwiq3u6FukK7hrYmFX0A2qu7ItONk+Z1s4gDT+x5/fXckKk:K2HiVRukK7hrnFh2qos4gDTAnlx
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  vstdlib_s.dll
- Size
  
  519KB
- MD5
  
  464b80302d3e5f1a12030f2afd15e8c0
- SHA1
  
  fa4a9d98b5272f3d1110188b53264b03134f1bcd
- SHA256
  
  954ecb7e90993cf1e3d426a00512f0591a0c385d986db7b923b872289a659ed9
- SHA512
  
  03686460522be3f830142c95b86dbaa686888a1fd22dc218ef6f0a6e1b7b1f8d65444b47d909c09348c6fa003d5f000998f640524aa001d719f4381c78e004d1
- SSDEEP
  
  6144:pHSB3aD4IaQhzA12ytyjiIhGdoVnfNJ6mgVQttuZ83OmQKgR3ezzm:x2IzFAEytyjiIEoVnfz6r01yozy
Score

3^/10

discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12