lumma | 415073c534042cf782c00f9ee64f765b994d243a10a9c8d56be84cc45eb8f1f1 | Triage

Sharing

General

Target

Discord Checker.exe
Size

58.6MB
Sample

250121-22kzmswmej
MD5

c2d496802f813fa0d09efd0b6f91b977
SHA1

fa4db0473ca9034169d062609e6bb9a045c6cefc
SHA256

415073c534042cf782c00f9ee64f765b994d243a10a9c8d56be84cc45eb8f1f1
SHA512

77268ea332f048d3d461d468abd66cde9e367b79cb47b8227a7cc1aec910c252b5dd77572c31baae491edc52f9da7165c30d9b373ecfb9cdb70b208ebd23abc2
SSDEEP

12288:Dv2YAEaMSpAmzHCr9MQfnKXynbN+e7cExX/r88/gmYFK/6i3G6L5xQrEWxAi1+HK:DW4StY9MQfnlbHXW

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://celosiapatroen.shop/api

Targets

- Target
  
  Discord Checker.exe
- Size
  
  58.6MB
- MD5
  
  c2d496802f813fa0d09efd0b6f91b977
- SHA1
  
  fa4db0473ca9034169d062609e6bb9a045c6cefc
- SHA256
  
  415073c534042cf782c00f9ee64f765b994d243a10a9c8d56be84cc45eb8f1f1
- SHA512
  
  77268ea332f048d3d461d468abd66cde9e367b79cb47b8227a7cc1aec910c252b5dd77572c31baae491edc52f9da7165c30d9b373ecfb9cdb70b208ebd23abc2
- SSDEEP
  
  12288:Dv2YAEaMSpAmzHCr9MQfnKXynbN+e7cExX/r88/gmYFK/6i3G6L5xQrEWxAi1+HK:DW4StY9MQfnlbHXW
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer