lumma | d1996d01d478657c7be1734d37e0326f778eff4e7f6283fca1e8a427cc1a94e4 | Triage

Sharing

General

Target

2025-01-21_062250dd669c1ee2ffad83db43299d54_frostygoop_poet-rat_snatch
Size

4.7MB
Sample

250121-sr14faznhz
MD5

062250dd669c1ee2ffad83db43299d54
SHA1

5f08e6b25ca2f60968f9ac52fe0e49021a06dad0
SHA256

d1996d01d478657c7be1734d37e0326f778eff4e7f6283fca1e8a427cc1a94e4
SHA512

5fa3db5fdeca440bd9a858f004bcc0039171d20dd07d1027723d548487b33fa515289f9764476ba7273befd187e79e07dc1b6be3d139f8a3b8628ee17018533d
SSDEEP

49152:uH+t33D6u8hCI6qD5LGo8TOGPkJ85zhQoD66K+BSkFW5o1Ud6x1:ue9zyhC5kioWksz1BSkb1

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://kitestarepatt.click/api

Targets

- Target
  
  2025-01-21_062250dd669c1ee2ffad83db43299d54_frostygoop_poet-rat_snatch
- Size
  
  4.7MB
- MD5
  
  062250dd669c1ee2ffad83db43299d54
- SHA1
  
  5f08e6b25ca2f60968f9ac52fe0e49021a06dad0
- SHA256
  
  d1996d01d478657c7be1734d37e0326f778eff4e7f6283fca1e8a427cc1a94e4
- SHA512
  
  5fa3db5fdeca440bd9a858f004bcc0039171d20dd07d1027723d548487b33fa515289f9764476ba7273befd187e79e07dc1b6be3d139f8a3b8628ee17018533d
- SSDEEP
  
  49152:uH+t33D6u8hCI6qD5LGo8TOGPkJ85zhQoD66K+BSkFW5o1Ud6x1:ue9zyhC5kioWksz1BSkb1
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer