lumma | 2d93225c3029a377e3dd2a4d4e808ff3e327c2ab533266cba6602dd87ddd14b4 | Triage

Sharing

General

Target

2d93225c3029a377e3dd2a4d4e808ff3e327c2ab533266cba6602dd87ddd14b4
Size

10.6MB
Sample

250120-zk5xdaykam
MD5

fc6d91a2352bb62c0e305410be8bf4c7
SHA1

4c796672c38df2c377895f09df2ccb336d54469e
SHA256

2d93225c3029a377e3dd2a4d4e808ff3e327c2ab533266cba6602dd87ddd14b4
SHA512

be6999fb22862e8dfbafc816bce8868e1a431c4891906cd24c6aaf77e170d273a0f85110fbf727c6a92294e09b02f2957f9e2b9c4660ee162f05ea48b88ceafb
SSDEEP

196608:Wa7MIV28ErXpqKGfHQh7fsHvsQbflXmO81OaK2BkzWyvtjbXiAhl1aFvQqKckbP:dYXXoKph7fnQflDajBkay1jbfCQqK1z

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://abnomrmakio.cyou/api

Targets

- Target
  
  FNP_Act_Installer.dll
- Size
  
  3.3MB
- MD5
  
  bd1341856f0f5f8db5d54401c0d3261c
- SHA1
  
  b6f9287fd2da120e3a69aefdbcce8230582542af
- SHA256
  
  4c08963572d2e9d80782221c2a0d7633c72e6eb3ed8d364b8a512441ec5d774f
- SHA512
  
  42e816fc9a630831453f4ce5080586500a415e098b2e2a14005e9c39a4c5b87cd1682f3060cba7490dc42117f53ec5951f2dc14181981017455cb1a14e93c06b
- SSDEEP
  
  98304:LA8wTb5Lg1kToNxnlbUYY0qUVON+xSjNAnOsItdE1hLK6o:LA8u+FSjNAnOsItdUhLE
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  ISUIServices.dll
- Size
  
  7.7MB
- MD5
  
  3b81ed520d9dde9c78a9aa9ec5bcc205
- SHA1
  
  25a9730125f20232bebd09bf17c224647a04dce9
- SHA256
  
  276f328fdf9df6c5094bee29f10576bbb3b78dc853fb4cd344038ed857099dbd
- SHA512
  
  1a2cbfd7c422428dcd2ff7ed684c52abfb307f61ebdfaf64bdcddbfa36ef97092c6e52b9c9ec0c001ab5d6f7b92453b7099499ace333530b414a8a6ccf221bb5
- SSDEEP
  
  49152:+QE4Ba3fv8197MXdbYr3dYvGOnCCztpEuDBVhahN4kejo1gN8o5BzPOLP:+d4Buv81975pYQhuDBEOE
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  MSIMG32.dll
- Size
  
  3KB
- MD5
  
  ae2fb3295fd4bee1e651b7b6639d7bfe
- SHA1
  
  4ac939d67002aabccf7a5878302a37b8079dda12
- SHA256
  
  c1f88d099af72cae6f6baaf7473da78279dc50b112f7fb68f93b5c3f29051c45
- SHA512
  
  90c2adc288547a2fec7bf6865b1341f2708ecf1e9ca78e0e440de008c5b032192998a42de0359f267e51d7ed8ee6a8e3ecc007d002d394cc5629cb81d94e9db9
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  TSConfig.exe
- Size
  
  1.8MB
- MD5
  
  e367ccd75b44a581b76040040df16eea
- SHA1
  
  127c1fae3f28ddcecf09050ad7191cd9c6b7f482
- SHA256
  
  d364a62a725b5f5d6ff6b3ffcaf3bf5086e80ee3ecb8d7e182876fce557579b2
- SHA512
  
  89ea1143aaf28253c6a6e044a92b7822923a95fc7b08142028f8b8b64166e32c2c6deb68f48b84170b907809c7ecbcea6d7eadb97d827b7f99b663a4dac65060
- SSDEEP
  
  24576:cA+yMgvxQWLCMhXMS8tzkXmPVUo4xSF9YxOnV7HwplZeQlBH9+IZCXjLQ4Lpp7eG:dx2MhXMa9+IeQ4+0uXOdmQHKPeB
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  ToolkitPro2200vc170U.dll
- Size
  
  10.5MB
- MD5
  
  8a7fb716d57df2d2ed06be3b72f49bcc
- SHA1
  
  a9736b0ad1c9369bb3b470fa7901599eac4c1ba2
- SHA256
  
  1c2d5be623c48e8564c5d3bd44ad729e4b70b961891b7144208561b3a989baba
- SHA512
  
  560c2106275adc4741f84e35d870de91695e26c0ae252b026a8641cd630c79dfe4d49dfb60fea0d62319b9e55f9be5ee07cce6cd28991a7f28405dda46bb835f
- SSDEEP
  
  98304:BKC9AzggHYX7ENoavIBttDo88pL7gGe4kan:BKDggHYX7YhvIHuzpL73ka
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  mfc140u.dll
- Size
  
  4.6MB
- MD5
  
  266c6a0adda7ca07753636b1f8a69f7f
- SHA1
  
  996cc22086168cd47a19384117ee61e9eb03f99a
- SHA256
  
  3f8176bbc33f75fbcc429800461d84bcdb92d766d968220a9cc31f4cf6987271
- SHA512
  
  016c3197a089e68145741a74d6fb2749d45d0760cdb471c9c4efc17b365b0c0dfddd7ca331d5a6fad441485c382b382eab6ed9aca80640a540fed36c6905125c
- SSDEEP
  
  98304:S7LNEoTofSiJHbPkznGXW/nHnFLOAkGkzdnEVomFHKnPmWx+:ApfiB8bGXW/nHnFLOyomFHKnP/A
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  msvcp140.dll
- Size
  
  437KB
- MD5
  
  dc739066c9d0ca961cba2f320cade28e
- SHA1
  
  81ed5f7861e748b90c7ae2d18da80d1409d1fa05
- SHA256
  
  74e9268a68118bb1ac5154f8f327887715960ccc37ba9dabbe31ecd82dcbaa55
- SHA512
  
  4eb181984d989156b8703fd8bb8963d7a5a3b7f981fe747c6992993b7a1395a21f45dbedf08c1483d523e772bdf41330753e1771243b53da36d2539c01171cf1
- SSDEEP
  
  12288:kKB+zFjoLcAtFSYy9PA7TEsnmLIxhUgiW6QR7t5s03Ooc8dHkC2eszslz:kKMzFj4tFSYyO7TEsnmLIe03Ooc8dHkw
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  vcruntime140.dll
- Size
  
  88KB
- MD5
  
  1d4ff3cf64ab08c66ae9a4013c89a3ac
- SHA1
  
  f9ee15d0e9b0b7e04ff4c8a5de5afcffe8b2527b
- SHA256
  
  65f620bc588d95fe2ed236d1602e49f89077b434c83102549eed137c7fdc7220
- SHA512
  
  65fbd68843280e933620c470e524fba993ab4c48ede4bc0917b4ebe25da0408d02daec3f5afcd44a3ff8aba676d2eff2dda3f354029d27932ef39c9fdea51c26
- SSDEEP
  
  1536:Lb8h/b8bgkjohTX6pz0y9v+xSUKF1IuCmgnKecbWJdazlTjznFKwcjzBG:LbWUgkOTX6ey9v+xSjFyuBecbWnaNjjb
Score

3^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

lummadiscoverystealer

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16