lumma | 7122ca62c18bace81ae0b291ba6df90f1f67f178ca341ba0cc7f52dbd61ab804

Sharing

Copy URL

Twitter E-mail

General

Target

Blox-Fruits-Script-Robloxm.zip
Size

6.7MB
Sample

250122-cca1pssje1
MD5

e588b29d6323bbe338a77400a58a506c
SHA1

5476f3fef42a74cb980bee86bd4bf6a4e79a1681
SHA256

7122ca62c18bace81ae0b291ba6df90f1f67f178ca341ba0cc7f52dbd61ab804
SHA512

cde782c65abe4145901d730e2ba954488fcb2f0dc9765b9e0eec6e618a0d021cafa4187720bc47251cbaf450b6061d8b93c3f76d88268a6ac1352b3c5babc291
SSDEEP

196608:OC6k6SpJIaYB9/BMLQjaZjdSowdk3CWdbRLAIkOlgA:OC6qpCa0mLESjd4kptm3Ot

Score

10^/10

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Targets

- Target
  
  Blox-Fruits-Script-Roblox/Blox-Fruits-Script-Roblox.exe
- Size
  
  399KB
- MD5
  
  8326264cfcff215611c9890e985b80e6
- SHA1
  
  658550e697d9499db7821cbbbf59ffd39eb59053
- SHA256
  
  d5b6cd18d84f4c8334b84745bc0603d7d7407aa7243ef945f8a3696c9d097f65
- SHA512
  
  e41f407c851eb5744fad83b504d56d8c1445d382f40c975ce938121908f484c44bc181ff60383e56cb7eb70bf127b8166b170aa35b8d032cf040a0ceebd02e3f
- SSDEEP
  
  12288:pQXNUkhnjDvP1wNiqMAYVgPinUzLnP6MOXJ:p5khnv8iRVgPz6fXJ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  Blox-Fruits-Script-Roblox/RSI_indicator.dll
- Size
  
  571KB
- MD5
  
  5525f64ea0b99a290892fa4193674c96
- SHA1
  
  dee21f8cd118610b40e8f14f9d472da0348bff65
- SHA256
  
  5b6cbccddf9f13f8ae20ab5aaefa0d644c738ed1485e144214d1ae0dc682c8e1
- SHA512
  
  0950074238477d16c3cd366d6b5b4515f8802e2f27da0922d253ea7c67eee65f809592aec3b8b18f30a854d7b108af4d3cdd6129caca628fa80788103ce34643
- SSDEEP
  
  6144:jI683ZFfMQlrG2Nyte2VBjcuZ/soRUkxOliFHA70p6THMuirSh:jI5j0QhG2cpQgRxOlm6T+Sh
Score

1^/10
behavioral2
- Target
  
  Blox-Fruits-Script-Roblox/adbdrv/32/devcon.exe
- Size
  
  84KB
- MD5
  
  8efdbdd90337842ef4b8ceb7adcac7bf
- SHA1
  
  1eb6440e60bb09078831ba011e7f2366bf06b8b6
- SHA256
  
  bd91a6d385183af2495ff151b6872a0665beaa4c72d05943a7c97e201ef4a4f8
- SHA512
  
  1543d8ad7d347c2818d9467672547f80d44bad6f5498b2bb2153765d14fec3400ea1dd34f87022aa5b2128a92cc00ab00f84c88c42e31be353eef105510117c7
- SSDEEP
  
  768:39rhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA9Tyg:h+KY04RMmSCYmBiF4O7WTVyg
Score

3^/10

discovery
behavioral3
- Target
  
  Blox-Fruits-Script-Roblox/adbdrv/32/i386/USBCoInstaller.dll
- Size
  
  56KB
- MD5
  
  9f3cb843225cbbf5612ba0015354bca1
- SHA1
  
  4e0cd78823be5aa78be2054f4d4296884a7b5294
- SHA256
  
  9ad6ae3ba83531bb6f95c47f008586c2f09b03dcc01743212d611d6ee93a5ee2
- SHA512
  
  fd1111739e03f8769dd879793215c70abc48b10965bc700ec1806a1289a3dfa829c32efc0f6f7e5e17aba39dfa95b13a130e59fb0160676c796db084517514fb
- SSDEEP
  
  1536:hIthcgcgZ+nwtYBpRRPvXI8PGZPwlK7AbrcyY:hIHYx9nhbplK03cyY
Score

3^/10

discovery
behavioral4
- Target
  
  Blox-Fruits-Script-Roblox/adbdrv/32/i386/WdfCoInstaller01009.dll
- Size
  
  1.4MB
- MD5
  
  d2f19c1a1067bef5653959bc26695d54
- SHA1
  
  403102bb14550751dfa7745c744f2cfa29f49ca6
- SHA256
  
  11167a49a71cb85d29b8cfd61447ba7bad9870de172be8efa1525eb37958fde2
- SHA512
  
  d5327fb0e09868b4db4af875a61b0767af5441c664083cff4bb4988ad2e3858cfb34375888fa54c17d01fd008a5db9d9e392ac059dbf7fb344abacce93559d7a
- SSDEEP
  
  24576:zjG90oN2lj11mk/22yYzGrarZRm4X5Uh6rVh5LdfBwOyCSQM1fFhSWRA+:HGtN2h1120R7m4XShYVxfBwrC21fXS8
Score

3^/10

discovery
behavioral5
- Target
  
  Blox-Fruits-Script-Roblox/adbdrv/32/i386/winusbcoinstaller2.dll
- Size
  
  837KB
- MD5
  
  3259ebd7742a78e8fa0ad5a689b7377d
- SHA1
  
  fbe79b1f6b207c3b47ff37071c47b8ffdadf889f
- SHA256
  
  91baea13dc25e24916de0faab9a59a70fef12f3a2eec96528c1d9d076ce320b2
- SHA512
  
  3dcdeed5c2078d4c82308b63bd9812c16d07883f47a615ce06616de94c59934e916966ab026391d95af9a370fbc7a7fb90cce931736484cdc85a377080ad2f1b
- SSDEEP
  
  12288:aZq3DFVAZjj5h7OqGDqY66s32+0SLqfhA50yWI7yBoM1oGloLwtxJYnPXrmQl79:aZwoP7MYG+pX501zBoC+wtxuPXrmQlZ
Score

3^/10

discovery
behavioral6
- Target
  
  Blox-Fruits-Script-Roblox/adbdrv/64/amd64/WdfCoInstaller01009.dll
- Size
  
  1.7MB
- MD5
  
  7ee110fbe5147b3402e70f23e0f57780
- SHA1
  
  feb6a002b4090c098c1b46dd1bceef4a78379b86
- SHA256
  
  48bea71e994fa8f2a30e98c0547323b7f0246884664550f869a3f2f1c2c3bf62
- SHA512
  
  21b18cf73c0a1b040ffc9353ce66b03e9c1252787004d3597d41c84c6bf1d8151aaaf0b4d35f6317949c85fbc89fd025a5ccb7f814af3a618e42969c6e85ebbd
- SSDEEP
  
  24576:EU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWB:lFCsfZRZA6Xn388avVovfLd+Mo4iEB
Score

1^/10
behavioral7
- Target
  
  Blox-Fruits-Script-Roblox/adbdrv/64/amd64/winusbcoinstaller2.dll
- Size
  
  986KB
- MD5
  
  b55d5cd0742979dd9f46e69b2b56eee7
- SHA1
  
  d93f73f0904b7bc1a28565bcf1b90de0533fd79b
- SHA256
  
  196e47522ae1eb7a5014b196f433bc0f5fc90ed2b934177512cd3e1e5782f0f1
- SHA512
  
  aef9d7c1c3a2f6bed61a2a733e6f5c2f4656e26c5bc235bf00d26dca221901b7d7544fd859d4f4e04a65374b27e85f3dfc2088fe0bb4272f155b4cb9626d94bb
- SSDEEP
  
  24576:4AEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjZ:cBXQz/hPzxRwPdcOQ
Score

1^/10
behavioral8
- Target
  
  Blox-Fruits-Script-Roblox/adbdrv/64/devcon.exe
- Size
  
  88KB
- MD5
  
  5d38f264735116c3f6d7114b18e7e173
- SHA1
  
  6635352bbeb16235dd2ecab22ca9122596d3bde2
- SHA256
  
  9f08f1ce607877c5292e57da6310e064375d6b5ea9535045b3019a2a7e91a351
- SHA512
  
  4c7021d1d9a3b7bbc7bebeb8f9a972db19e1e8f62cdf3f60c985df7855fb06075f3f943137b25483eccec9cb56f1ca12d24176def434c46f103a870694c0a0de
- SSDEEP
  
  1536:YP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7WTFyzw:YePOYe4bu1epDh8RWRyzw
Score

1^/10
behavioral9
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qgif.dll
- Size
  
  33KB
- MD5
  
  e3a1338efadabb9fc23d955af9a7e070
- SHA1
  
  dfbe82b183fff002a2e841d73474c78f646fdba2
- SHA256
  
  f1fa3bfeea6a600f2c6d209775154cee349b7f687cb4f7213a8cad8870dbb812
- SHA512
  
  0413a6116e227fa6a3dd7da6fa4bb8db59ed64fc16e37bfa49ca28c687fe791941b3a23193796eb0ece458e87f9f78f587b3a1fe0f188b63b9148037997df1a2
- SSDEEP
  
  768:aL5MPkjurnzyuVlfehyScQeOYGuOU9OOHhTNAYFdDGzUf2hW:aNYnzyuLeEfQeFGuOU9OOHhZAYFOUf5
Score

3^/10

discovery
behavioral10
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qicns.dll
- Size
  
  37KB
- MD5
  
  862a826020dfe7ab690900a87250992d
- SHA1
  
  983117858f162f7eab3f4aee6e0d9619e20637ef
- SHA256
  
  f96e413dc1b8a67c025b3d1769241ee96dd8b079b367a6c868d650a6b68154c4
- SHA512
  
  a71cdfba3023934d0bfe25a05d2fda00f60caaf77122cc0d52c7c6f6555ebf43e13555b563a564023c02e9419471a8ed325d182508ad276517c68c9691d5704a
- SSDEEP
  
  768:nwFo5IoYXrOOmYaRCNOq9QNdhVJ0hBEH3lMwAJXGdtpZmPdDGGzUf2h2:wWBIf9QvJgEX6wAJXGdtpZmP3UfP
Score

3^/10

discovery
behavioral11
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qico.dll
- Size
  
  31KB
- MD5
  
  7200f8e1af1c6a60501d5fef7772fd0b
- SHA1
  
  5f2bac81a60f7fdfbe8b1a01f111660a3614d679
- SHA256
  
  35cf0ae6bcd1b8322482d40bf2dd693e276548885284b88e6631ab18a0c2c60e
- SHA512
  
  097835d4c8c61c2489e831b31a8bb6f2feea277439d6697b6e3165ccb6e4758986c9a1fa754696da53b6005a041156ff8bc455a71dc31ea799f5891348a07f22
- SSDEEP
  
  768:1wLKUeP1ob4OgufLCJGqU2SZ6HseQdDG0Uf2hKT:4KUeP1WyufLCJGqU2SZ6HseQ9Ufz
Score

3^/10

discovery
behavioral12
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qjpeg.dll
- Size
  
  365KB
- MD5
  
  438b696a9811cd821bbe2c54b5c1b4b1
- SHA1
  
  55eb74a0015228b1e6c1dc97e6f427c9dc804587
- SHA256
  
  84c23191b5e35eaf899358c21445a5377845c0653668bbd99b1aa8796e0248c7
- SHA512
  
  961ed9cfcd61a1fc32de89cb97100aaa9a9225c80673b2176975bf62af7f3a0e77a91fb723ed52c553e10a6f754a5e8c8085bdfbd56ef2de8144c53bf41f4e91
- SSDEEP
  
  6144:QsC804cB4tEXoOitMk5R8vsLK0LXz5pmglF90l7s0aGajl8Z9cg:Qr4bOzk5R+s5LFg9cg
Score

3^/10

discovery
behavioral13
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qsvg.dll
- Size
  
  27KB
- MD5
  
  f304a2c8067f804d25b98d360e92829f
- SHA1
  
  dae1d07de8c33912ff4ffc957f8817b2b3e8293a
- SHA256
  
  e45893bb7db31bfd32e87dc7a6b02709fca36eb83a25aedc45a39178ec80051e
- SHA512
  
  5bc122bea8de687820932666c6b76bb153b115263b31a40fd7823a2a36ebc88b27626e06e3a6c5dc5f62970c8c7e9c094984b494d7f279bfdb9bac7a8c2964ca
- SSDEEP
  
  768:WV5VVvwZ12uh991MD9dhQwe+oQQUcesJbT73dDG5Uf2hg:IvwZ12aC9Qwe+ZQUbsJbTLwUfX
Score

3^/10

discovery
behavioral14
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qtga.dll
- Size
  
  26KB
- MD5
  
  367c723591fde64c38202d4c0f5ecfde
- SHA1
  
  c13d74f417601c656f343f00d15e56517ee03b6a
- SHA256
  
  ccd620e74045d9c9157903120140b97419cbbe91fd43337e640c67cd4522072a
- SHA512
  
  31c084ba00e094e30c6f912ecd045e19c4451d8783a80dc99b99098f84c5500665a35ac901b0fde84d04df898ad67448e83539a7daa4928e8c78f798b359b256
- SSDEEP
  
  384:kg8gKOwVg6VjbFnOfEIzPMoVhWyrsdnyBSxQrrVIyndDGdEDgf2hR:kPxOQXOfEnoVh5/BSxQrxIYdDGKUf2hR
Score

1^/10
behavioral15
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qtiff.dll
- Size
  
  345KB
- MD5
  
  49b6f0ba901f649ab110744e34076951
- SHA1
  
  4c9eebadb5b86147ea94f48eaa6705a4b75b3e61
- SHA256
  
  5128aedf4bd9b747ac848bf85e0ffb99ba814bd8e671adff7d26391d31259050
- SHA512
  
  b42a13f0215a194f77781ac74cf55c24a0f0bc99cc872ea06125cfe12ffef93add0665991339db3b7962262e6d381f20227da3272360450b53993d06bc0ec98a
- SSDEEP
  
  6144:BpYIdJpn0zXsT6DP64icIkjEkaNCTjM+8kBHWNFnHJXGFkDQDWr:jYIp06+IkjeNGjIkZZKr
Score

3^/10

discovery
behavioral16
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qwbmp.dll
- Size
  
  25KB
- MD5
  
  7a05c8435fb60f43958120b22b653b54
- SHA1
  
  79d7122e4ab89dc9978fcd48fcbf0c6b8ae3f690
- SHA256
  
  7c946f750413716a714884c8836d24aa6d2561b48e7f3397bab88af348e078ec
- SHA512
  
  74800a623e4789c245095b6ad0cc03ec8eb00431487e7977bd3bc5cbf0278480474d74fd194873f220dd5682eec88864095659315f68d650c1cc8b40435b182c
- SSDEEP
  
  384:j9NLeETizwsASWjsUE2rBiQtp4VmsdXurvZJ4EndDGgDgf2hcU:xNLXiHAS+E2rBi7mbrvZJPdDGgUf2hcU
Score

3^/10

discovery
behavioral17
- Target
  
  Blox-Fruits-Script-Roblox/imageformats/qwebp.dll
- Size
  
  402KB
- MD5
  
  b9416990af043ca8cfa668121184c05d
- SHA1
  
  4181d92e91704b961a22b51713705d53dda0cf51
- SHA256
  
  50fcf1fed7612ae4c346d7ae7dec3ebbbd2ac31c5e954263a7bbc655502e3b03
- SHA512
  
  e303e4b166ada78dbe75639b73efe275a0e4f49a1cd2da5016e1f31a1a012aee383e6acc21d63561e78321b1e162ec9cfec3915909e698d2064b1fb0dd33de76
- SSDEEP
  
  12288:llTSf8S+PHunhrYzVcS/CQVy7wycv+QrUwDHHgxgG:L08S+PO1OVcS/XVykyI+4M9
Score

3^/10

discovery
behavioral18
- Target
  
  Blox-Fruits-Script-Roblox/playlistformats/qtmultimedia_m3u.dll
- Size
  
  28KB
- MD5
  
  ef5291d51807167542bac67168d712fa
- SHA1
  
  58abbbd638afc71479b846998f601ed2fa912a78
- SHA256
  
  de588a423926b9943737e16799048a97160dfa83e4d46ff9b2278fea1df11d9e
- SHA512
  
  8a7aa886fb9257d7a245890852c3d0cf6dc5360f57f8ba1e4269b28807594cf040d192b8b0b2616b8400c6276bf117bba634f522e179cf0d4511054dadaa7dc1
- SSDEEP
  
  384:TWOC4NFPb0hOBHXjPL3VQ7i17hAXuXWwsP28ondDGWDgf2hyp:aKHB7LK74hXWwsP28mdDGWUf2hM
Score

3^/10

discovery
behavioral19
- Target
  
  Blox-Fruits-Script-Roblox/position/qtposition_positionpoll.dll
- Size
  
  38KB
- MD5
  
  269d64b6d6ec6da9117c6ccf399a80c2
- SHA1
  
  97bbe6795707585acb8fbb3888ae5544bfbed4e2
- SHA256
  
  f372874e4e32e42d22a9a96a680532f5c9711f05e188a29aeb6afba87ec272d1
- SHA512
  
  5842da259ca0f00f8129cec7aff53df033f8258269050ea54bb3ec1f5069324399f6fb4407f9b1568ed596d1228785b4cd32cbee6371a1d3a228a88e7d8c6b4a
- SSDEEP
  
  768:ioOiEVUziedOOXPI6W0Vqe5ycMdDGabNUf2hr:ioOiENedq6W0VqNxrxUfO
Score

3^/10

discovery
behavioral20
- Target
  
  Blox-Fruits-Script-Roblox/position/qtposition_serialnmea.dll
- Size
  
  52KB
- MD5
  
  67cae8213a5d6f2a8ce3467f62be5bbb
- SHA1
  
  066c149c3186a6820535004d1a4308b6fb70ad3e
- SHA256
  
  a4eab23bed94219326e1a605892394cadedb8964a70dedda8aff14cb6a391140
- SHA512
  
  94723313d79691bbf11afb27df0326e8c9ffe0a31c5da53c79616baeb9154c914fa96a20eef9e3efd4981cc92c142e9b541937cb870b6e9e81c39b2d434a8b3c
- SSDEEP
  
  1536:LwG43uudlVSu5cZvRAjMHsAICyYGv7/sn2N0Ufx:LwGSuudlHiROMMfCyYGv7/3NR
Score

3^/10

discovery
behavioral21
- Target
  
  Blox-Fruits-Script-Roblox/position/qtposition_winrt.dll
- Size
  
  47KB
- MD5
  
  458c0aa6f7121b0c4758b99b8e7fc2af
- SHA1
  
  f31e9ce76118946dfd599e23db2342da12ccd4a2
- SHA256
  
  16c5b3634501969356f29eda585410102e98611d07eb2315db5616d44bb82087
- SHA512
  
  152793350da459c3829f8554927f4163e6b80bfaf435039bc1df2d96512cc4fe844a5d775d92d435d7f32010daa76e6407934675b2bca711f7ffd2bcad784827
- SSDEEP
  
  768://p+MMX6IoG+q0BX6kUyn7r90fXYRnROvv/aIzve0k9JdDGGUf2h0:/R+MMq/5BX/V7x0foRnRexzvVcNUfh
Score

3^/10

discovery
behavioral22
- Target
  
  Blox-Fruits-Script-Roblox/sqldrivers/qsqlite.dll
- Size
  
  1.1MB
- MD5
  
  38f346032989021cc7024cfd4e108377
- SHA1
  
  a35817aa25c114f75ddc46581f814b556bd7a556
- SHA256
  
  782a28b30ea82c38a5ade1ce73f489c7a8b2156b0c4f3e03b57263322667b148
- SHA512
  
  fe130cdf7e086a7fe5100c15ecdf511f52a636f0176894f3ade6969dea604d9f372d5b256f19f5e267cafad4c567a5d3d21e91134da0bb974f0b798bdae65bbe
- SSDEEP
  
  24576:Z1wLAPlRp06zGz+uhVzS0r+QyHvunAoqzgyBZJDdLIIzhV9IZpsR:8Lmp06Epx+jUg0yBJ5hYA
Score

3^/10

discovery
behavioral23
- Target
  
  Blox-Fruits-Script-Roblox/sqldrivers/qsqlodbc.dll
- Size
  
  72KB
- MD5
  
  340b067fbbc32574ea14b8018da69797
- SHA1
  
  11abd4cad1ea51d24791df3501dc1de766adfaf0
- SHA256
  
  001eff38874f7526fb4cea4b0b28215b55b321ec8c116f2e175bbd604706669d
- SHA512
  
  fdc90e74561fb1f48a0e72a6fe41bf3c9162b93845bf56c47c94da4281a1645ad0e18987b47b05f7aaa712e06bfdf4825e974cf6a6b8ca5aa18b3aaac31c841a
- SSDEEP
  
  768:KKQfNPFNCQLwRebhZKHbFXmAFooXT/+SN6QSFf50pdwvnS0NdpaOyxliHPs/MJIi:kftBhMsJfpHAOlHB8GwOON+hFhUv0Ufm
Score

3^/10

discovery
behavioral24
- Target
  
  Blox-Fruits-Script-Roblox/sqldrivers/qsqlpsql.dll
- Size
  
  65KB
- MD5
  
  735da13e49f415ad9e65c6fc4727158b
- SHA1
  
  4e8a5858e94fc477d64ca6b051e0f1194563e9ad
- SHA256
  
  ce22924e026cd34068e9aab334e1deddacc80cfd7c9d80426193540875396362
- SHA512
  
  dc3f18440ac7ca6a018a6630b24a7f24e64c5c98e0b30d986b7b70d1541c9f8a4e30024244b8f06e454aa306256406042623554d4599f02166a92db662756857
- SSDEEP
  
  768:4Kbsu6DyAbiaEGVtmDwYz9mv+VI3QC2uXAydDKtAV/a1atAFlLKcENwXRQhkdDGy:AXE4BIC2uXAydQHKcENwXRQhk0UfV
Score

3^/10

discovery
behavioral25

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25