General

  • Target

    20951876300.zip

  • Size

    11.7MB

  • Sample

    250122-tywb7svncx

  • MD5

    87269b56e90da7ece10380a2015e26d5

  • SHA1

    8f7a5d941df57eff64ae287da3b589b788eef893

  • SHA256

    d27b7d7734c4f718e09bdd9864771c821607a92b91deb0946c8808ee97a20e06

  • SHA512

    6aface7e8666d6abebe5b83a581249b308f9df69fdcd0511512b53f35f0c2ed88af50ef73d104cf4551ae406c02b1b415bdccee6274857599d23a7c5f1497e16

  • SSDEEP

    196608:p1IIsUyuJh2Xu/Y/tObDkmaDW9JX0ZG+aRKHNRIwqelbIFDV73ARZcq:p11jh2XiYtqD1aDWJXu66y75wR1

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

https://wishbusher.click/api
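The extracted config above is the part of this report most useful to a defender: nine C2 URLs and two file hashes. The script below is an added example, not part of the sandbox report, that turns those indicators into an offline check. The C2 URLs and SHA256 digests are copied verbatim from the report; the proxy log lines and the file path are constructed for illustration only. Matching is done on hostnames (including subdomains) rather than full URLs, because the `/api` path is the only part a Lumma operator is unlikely to change between builds while hostnames rotate often.

```python
"""Added example: match the Lumma indicators from the report against
file hashes and proxy/DNS log lines. IOCs are copied from the report;
log lines and file paths are constructed samples."""
import hashlib
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted Malware Config.
C2_URLS = [
    "https://sordid-snaked.cyou/api",
    "https://awake-weaves.cyou/api",
    "https://wrathful-jammy.cyou/api",
    "https://debonairnukk.xyz/api",
    "https://diffuculttan.xyz/api",
    "https://effecterectz.xyz/api",
    "https://deafeninggeh.biz/api",
    "https://immureprech.biz/api",
    "https://wishbusher.click/api",
]

# SHA256 digests of the archive and the dropped executable, from the report.
KNOWN_SHA256 = {
    "d27b7d7734c4f718e09bdd9864771c821607a92b91deb0946c8808ee97a20e06": "20951876300.zip",
    "332e6806eff846a2e6d0dc04a70d3503855dabfa83e6ec27f37e2d9103e80e51": "New folder/Set-up.exe",
}


def c2_hosts(urls=C2_URLS):
    """Lower-cased hostnames of the C2 URLs, for matching in DNS/proxy logs."""
    return {urlsplit(u).hostname.lower() for u in urls}


def sha256_bytes(data):
    """SHA256 hex digest of an in-memory blob (used by file_sha256 and tests)."""
    return hashlib.sha256(data).hexdigest()


def file_sha256(path):
    """Stream a file through SHA256 so large archives do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def lookup_sha256(digest):
    """Name of the report target with this SHA256, or None if unknown."""
    return KNOWN_SHA256.get(digest.lower())


def check_file(path):
    """Hash a file on disk and look it up against the report's targets."""
    return lookup_sha256(file_sha256(path))


# Hostname-looking tokens: labels separated by dots, ending in an alphabetic TLD.
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.IGNORECASE)


def find_c2_hits(log_lines, hosts=None):
    """Return (line_number, host) for each log line that names a C2 host.

    Matches the exact hostname and any subdomain of it (e.g. a
    'www.' prefix), but not unrelated domains that merely share a suffix.
    """
    hosts = hosts or c2_hosts()
    hits = []
    for n, line in enumerate(log_lines, 1):
        for token in HOST_RE.findall(line):
            t = token.lower().strip(".")
            if t in hosts or any(t.endswith("." + h) for h in hosts):
                hits.append((n, t))
                break  # one hit per line is enough
    return hits


# Constructed sample proxy log (not from the report) in a simple text format.
SAMPLE_LOG = [
    "2025-01-22T10:14:03Z 10.0.0.5 GET https://www.microsoft.com/ 200",
    "2025-01-22T10:14:09Z 10.0.0.5 POST https://sordid-snaked.cyou/api 200",
    "2025-01-22T10:14:12Z 10.0.0.5 POST https://awake-weaves.cyou/api 200",
    "2025-01-22T10:15:00Z 10.0.0.7 GET https://example.org/index.html 200",
]

if __name__ == "__main__":
    for n, host in find_c2_hits(SAMPLE_LOG):
        print(f"line {n}: contact with Lumma C2 host {host}")
```

To check a suspected sample against the report, call `check_file("path/to/Set-up.exe")` and compare the returned target name; `find_c2_hits` accepts any iterable of log lines, so it can be fed straight from `open(...)` on a real proxy or DNS export.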

Targets

    • Target

      New folder/Set-up.exe

    • Size

      86KB

    • MD5

      3bd79a1f6d2ea0fddea3f8914b2a6a0c

    • SHA1

      3ea3f44f81b3501e652b448a7dc33a8ee739772e

    • SHA256

      332e6806eff846a2e6d0dc04a70d3503855dabfa83e6ec27f37e2d9103e80e51

    • SHA512

      7bbb3f3af90443803f7689c973a64f894fb48bd744ab0c70af7dfa7c763354dc6f67a7fbb7053d38b0c6611b0aaa532e73eb2579c1445b8a31c573f8bf972a67

    • SSDEEP

      1536:EU5EG5XI/6POYy6SAi11XFDwYVyjThxXeZBHl+YMk8iVbNuissy:95EG5XI/SOOQyYVF9l+DkvVp6

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Executes dropped EXE

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks