lumma | 3d3e71be5f32b00c207e872443d5cdf19d3889f206b7d760e97f5adb42af96fb | Triage

Sharing

General

Target

3d3e71be5f32b00c207e872443d5cdf19d3889f206b7d760e97f5adb42af96fb 2
Size

1.3MB
Sample

250121-p1by5atphs
MD5

4d95514b132a4e52abce93e967b54d6d
SHA1

4255b513bdb0d042f18348131cc0fe5a0976716d
SHA256

3d3e71be5f32b00c207e872443d5cdf19d3889f206b7d760e97f5adb42af96fb
SHA512

513dda64553fdcc8658b776c194423e842863fff6aeda2565ed8796a6380c80df148afbf717f8a9173382abe43cbb0c9430dc2d1baada777ecf9175b587c4dce
SSDEEP

24576:EaRaQChlq2VITKd6FRjxuhZc3D5OMVubzFacYhcbi7WCMGYO1gH4oZjPa2jYN91V:zYQgljbkxu/cT5LcvFhoWX4U/g91V

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://woebengeoszis.click/api

Targets

- Target
  
  3d3e71be5f32b00c207e872443d5cdf19d3889f206b7d760e97f5adb42af96fb 2
- Size
  
  1.3MB
- MD5
  
  4d95514b132a4e52abce93e967b54d6d
- SHA1
  
  4255b513bdb0d042f18348131cc0fe5a0976716d
- SHA256
  
  3d3e71be5f32b00c207e872443d5cdf19d3889f206b7d760e97f5adb42af96fb
- SHA512
  
  513dda64553fdcc8658b776c194423e842863fff6aeda2565ed8796a6380c80df148afbf717f8a9173382abe43cbb0c9430dc2d1baada777ecf9175b587c4dce
- SSDEEP
  
  24576:EaRaQChlq2VITKd6FRjxuhZc3D5OMVubzFacYhcbi7WCMGYO1gH4oZjPa2jYN91V:zYQgljbkxu/cT5LcvFhoWX4U/g91V
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer