General

  • Target: file
  • Size: 8KB
  • Sample: 250120-vm73aszmar
  • MD5: 4e97081fca4258ac92a9971595b85cce
  • SHA1: 51243820f66f3e66011931200ff346505c24a12c
  • SHA256: 3c68421a6685f6a82d80d9a821555845b4894f2ae5300cbcf62bca64cd170373
  • SHA512: 6306328cc40af481a3fce3eac1de69d233ac60f80b0c5c97ef30b40fff4f1a02b4df7a1c7b1a25fb7ecf06cddb19962dc68e4715174ca3dfec2809140b0a51cd
  • SSDEEP: 192:PN2x2BB0xJj87ppPpDv7AwkEJQ8R9RItZXMjYyIN:Axe0xA/POwMSwN

Score: 10/10

Malware Config

Extracted

  • Family: lumma
  • C2: https://uprootquincju.shop/api

Targets

    • Target

      file

    • Size

      8KB

    • MD5

      4e97081fca4258ac92a9971595b85cce

    • SHA1

      51243820f66f3e66011931200ff346505c24a12c

    • SHA256

      3c68421a6685f6a82d80d9a821555845b4894f2ae5300cbcf62bca64cd170373

    • SHA512

      6306328cc40af481a3fce3eac1de69d233ac60f80b0c5c97ef30b40fff4f1a02b4df7a1c7b1a25fb7ecf06cddb19962dc68e4715174ca3dfec2809140b0a51cd

    • SSDEEP

      192:PN2x2BB0xJj87ppPpDv7AwkEJQ8R9RItZXMjYyIN:Axe0xA/POwMSwN

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks