lumma | e4b210caea4432928727e860786c36e5ef6ecacced4b00374a049342d4b62183 | Triage

Sharing

General

Target

21012025_0936_package1.zip
Size

20.2MB
Sample

250121-llb4ssxner
MD5

43087e14441cffd015528e3a13b24253
SHA1

10af61b80d7b872c14af11779179e7bbddacd30d
SHA256

e4b210caea4432928727e860786c36e5ef6ecacced4b00374a049342d4b62183
SHA512

b295b525ac1601917379877c16be65c678d20a458d29781e2975a1153192252c0d86736dedd9fc5a6fb71a21a98d53cbca4f99f8e0bd8717d72fe53acf44fa09
SSDEEP

393216:WVHM+zcsgIOX1+FSgGP+atjF+XSOIG6sf3idq1+W/1vBE2WRqiA6SLTuaJ1q14:g/DghXk2Wat2H6sfi4p/IqhLTu+

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://babbebange.cyou/api

Targets

- Target
  
  FNP_Act_Installer.dll
- Size
  
  3.2MB
- MD5
  
  818abbbd3717505c01e4e8277406af8f
- SHA1
  
  4374b855c5a37e89daa37791d1a4f2c635bf66e7
- SHA256
  
  bc0acdfb672ad01ad3b658ee51e2ee6523d56ea4bc4c066b390cf9b494e2aa69
- SHA512
  
  7c73ec9b15e82964573db1b7d3996677b244b6efa64cab60cefff6d995d3ea3e6e89c1578c5b5a266b964a19336ce5b956a4a4f37be12b4907dbee827b6613b9
- SSDEEP
  
  98304:g9vHrUQ+Sf05UP4GX5Na5EN7QyZJWr5iq25c3iK:g9v4sJXPZ7QyZJWr5l25cD
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  ISUIServices.dll
- Size
  
  7.1MB
- MD5
  
  8ff059505a66e89bcc87dbb93e41ff0d
- SHA1
  
  6594bca59b503dcd85071872f598bc442c1afebe
- SHA256
  
  37b0f6eb77b5bdc02ace904a0c9dbaba29a0e966f96839bacca52d207815adbd
- SHA512
  
  a5df05981f0ae4b16d3934f8525840fe0d219f728ce5dd83073d2503f279cb6cabee47ccd96825efbf12dd0999220cca9460a796024dabb20c95ae3917bf11d3
- SSDEEP
  
  49152:OODghpgsd+Xhb114LlHTuDB8hahM4kbjoVQdBefSC4DlRS:OBpgsuVCTuDBR1j
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  MSIMG32.dll
- Size
  
  3KB
- MD5
  
  ae2fb3295fd4bee1e651b7b6639d7bfe
- SHA1
  
  4ac939d67002aabccf7a5878302a37b8079dda12
- SHA256
  
  c1f88d099af72cae6f6baaf7473da78279dc50b112f7fb68f93b5c3f29051c45
- SHA512
  
  90c2adc288547a2fec7bf6865b1341f2708ecf1e9ca78e0e440de008c5b032192998a42de0359f267e51d7ed8ee6a8e3ecc007d002d394cc5629cb81d94e9db9
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  TSConfig.exe
- Size
  
  1.5MB
- MD5
  
  48c9a0c76b44a5f2729c876085adba4e
- SHA1
  
  8a5bee1995153d6069fb322ed23dec2de461f0df
- SHA256
  
  b5f9377bd27fcf48fb3d81d0196021681739f42a198e8340c27d55192d4bd3ac
- SHA512
  
  75873d0d41e16f5c9c58784f5eff2749f33be720f6f235e9da69c08d688d07c9a879f0fa4e365a172c3c61408c5fdef391b139aca70c3f6560fed3c4a181238d
- SSDEEP
  
  24576:fY+Ag1SNPX13A9N9sLhqMFb3crrwrK00cjncHgPeR:qg1e5AGqMBgp00icHgPeR
Score

5^/10

discovery
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  ToolkitPro1840vc140U.dll
- Size
  
  11.4MB
- MD5
  
  4fd7b7bfea443fd09ef3bff0d1ae5e1a
- SHA1
  
  aef5c5d6d1639d2c084c235b1f308c8ff51048e1
- SHA256
  
  c725fceaa2d1a47189c9ae72720ce04682e64ad35c2310b83e560550817741f4
- SHA512
  
  7fb686be0a858e8e493ce1dbbc058070d4338a768fff0c0f05915183d4be5023fd362926d0eb6a9c4cedb2d7c2f5519e472298cbf3e2ea0980b5f0c7772bf0b3
- SSDEEP
  
  196608:ucHYDbHUrGqQK+XqPWsa0ukJ5yOZIwJ5dpSt9VQ:mbYGFKJe8uk3yAp
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  concrt140.dll
- Size
  
  254KB
- MD5
  
  f36dae6ea00f102b60a5011af0732123
- SHA1
  
  06fabdbf1fa14b5a637716f9f7a28c95ea4a8661
- SHA256
  
  0a3894dd420ed6b4c7ebbde463dbbde69cdb032e290b1c86c21ccdaa4da95526
- SHA512
  
  c585e25ac9d733ca82d36d4cee0fa5f7d34a0455c359e010c501d1474c612bc73429093ba302ae14222d7e3a89d5b11777529b3005c7c0966aff06c92c7cce12
- SSDEEP
  
  6144:fCoAisTYsJ8wmqr85bqo0MJQ6AZiJeqaajUQnLg2CJuuwr/12z/5vC498C:q0CpiAIaDuuwwzr8C
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  cpfe.dll
- Size
  
  4.9MB
- MD5
  
  eda3dbb0f36ecd094b7e11a8a3eba68f
- SHA1
  
  4ac9722cdf74dc609935c1e450e242aa5b2301da
- SHA256
  
  a57f3db4c4c489fc743960915dd4319c4d2e55046dab1813fbf3b2fe4e133ae5
- SHA512
  
  2e59fbee929a8452e201fab5661b6b46ed994b9c47405732062ab1719c41c5709b7c78f42ea764576194d9a72b23456de8ac2b5d5cb0aa7af89db4f5ecc3fd4a
- SSDEEP
  
  98304:RXvjpr5EwEbgUq1m7tXIbbEIrOnEYojXQi59+tqK6LGC/nN9ydiGfQ/Z35WBe8LO:p/N9ydQxp61LnnCIMZpgqO4+9
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  mfc140u.dll
- Size
  
  4.6MB
- MD5
  
  266c6a0adda7ca07753636b1f8a69f7f
- SHA1
  
  996cc22086168cd47a19384117ee61e9eb03f99a
- SHA256
  
  3f8176bbc33f75fbcc429800461d84bcdb92d766d968220a9cc31f4cf6987271
- SHA512
  
  016c3197a089e68145741a74d6fb2749d45d0760cdb471c9c4efc17b365b0c0dfddd7ca331d5a6fad441485c382b382eab6ed9aca80640a540fed36c6905125c
- SSDEEP
  
  98304:S7LNEoTofSiJHbPkznGXW/nHnFLOAkGkzdnEVomFHKnPmWx+:ApfiB8bGXW/nHnFLOyomFHKnP/A
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  msvcp140.dll
- Size
  
  437KB
- MD5
  
  dc739066c9d0ca961cba2f320cade28e
- SHA1
  
  81ed5f7861e748b90c7ae2d18da80d1409d1fa05
- SHA256
  
  74e9268a68118bb1ac5154f8f327887715960ccc37ba9dabbe31ecd82dcbaa55
- SHA512
  
  4eb181984d989156b8703fd8bb8963d7a5a3b7f981fe747c6992993b7a1395a21f45dbedf08c1483d523e772bdf41330753e1771243b53da36d2539c01171cf1
- SSDEEP
  
  12288:kKB+zFjoLcAtFSYy9PA7TEsnmLIxhUgiW6QR7t5s03Ooc8dHkC2eszslz:kKMzFj4tFSYyO7TEsnmLIe03Ooc8dHkw
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  vcpkgsrv.exe
- Size
  
  1.4MB
- MD5
  
  38901633c833cba7f682472ced0dbe4b
- SHA1
  
  0c11a1ac834d2b270ba60f3605109933ca11a7f0
- SHA256
  
  a5c5487194f761dac90e178c9c1753c0f47b041f3168b5c23a587f33f69e5089
- SHA512
  
  70d71197c68c9a92883c482aee76978e2a01e785be6fb3b6082369e25d991d3e03d8467e11d87493e54f5a3dc4bcd59fa588f0fabe5f6fdcf3361de95cb471c1
- SSDEEP
  
  24576:gLikjHtEvSKi9Q8K8Nj99HxJ+EbUUbnI11f4wuTLoYHTkPQ4JD7eK:gukT+SpRKaJb0f4wrCSP
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral19 behavioral20
- Target
  
  vcruntime140.dll
- Size
  
  88KB
- MD5
  
  1d4ff3cf64ab08c66ae9a4013c89a3ac
- SHA1
  
  f9ee15d0e9b0b7e04ff4c8a5de5afcffe8b2527b
- SHA256
  
  65f620bc588d95fe2ed236d1602e49f89077b434c83102549eed137c7fdc7220
- SHA512
  
  65fbd68843280e933620c470e524fba993ab4c48ede4bc0917b4ebe25da0408d02daec3f5afcd44a3ff8aba676d2eff2dda3f354029d27932ef39c9fdea51c26
- SSDEEP
  
  1536:Lb8h/b8bgkjohTX6pz0y9v+xSUKF1IuCmgnKecbWJdazlTjznFKwcjzBG:LbWUgkOTX6ey9v+xSjFyuBecbWnaNjjb
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

lummadiscoverystealer

behavioral20

lummadiscoverystealer

behavioral21

behavioral22