lumma | cb68cc8427e2cd42153c53aadab9f7ff8cd1550be2fef1e96f9e7f7cecc0baa5 | Triage

Sharing

General

Target

random.exe
Size

404KB
Sample

250122-q5clwszpcj
MD5

d72d18d95f5fef9487e66d67e01eab9d
SHA1

f3f3f03b584586a9c3ae9cca68604792026d20ef
SHA256

cb68cc8427e2cd42153c53aadab9f7ff8cd1550be2fef1e96f9e7f7cecc0baa5
SHA512

6288003c51f52bb6e53d10741d1514c4449846970c7ea06aa9fe71de3c8cf8002aed65db4a19a263c9881b165156aa93bc1f57a9e1cf525e09c2185849bda4b6
SSDEEP

12288:fQXNUkhvrUrv9ysegjTkH9O+OYJ0Lr8zspOe4J:f5khwrvpeaTkdjOxr8zIORJ

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://impolitewearr.biz/api

https://toppyneedus.biz/api

https://lightdeerysua.biz/api

https://suggestyuoz.biz/api

https://hoursuhouy.biz/api

https://mixedrecipew.biz/api

https://affordtempyo.biz/api

https://pleasedcfrown.biz/api

Targets

- Target
  
  random.exe
- Size
  
  404KB
- MD5
  
  d72d18d95f5fef9487e66d67e01eab9d
- SHA1
  
  f3f3f03b584586a9c3ae9cca68604792026d20ef
- SHA256
  
  cb68cc8427e2cd42153c53aadab9f7ff8cd1550be2fef1e96f9e7f7cecc0baa5
- SHA512
  
  6288003c51f52bb6e53d10741d1514c4449846970c7ea06aa9fe71de3c8cf8002aed65db4a19a263c9881b165156aa93bc1f57a9e1cf525e09c2185849bda4b6
- SSDEEP
  
  12288:fQXNUkhvrUrv9ysegjTkH9O+OYJ0Lr8zspOe4J:f5khwrvpeaTkdjOxr8zIORJ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer