lumma | 5f65b24f78f86962aa0646abb4ea02eaeb7a7359d9e1f97e1d1cacaf1b698476 | Triage

Sharing

General

Target

Nexol.zip
Size

418KB
Sample

250123-3dlrpszngj
MD5

b2afc31d65af2f9be003b3a235ea8e35
SHA1

8080d5ad31e68f91b6f50e47f2857662a3b5809c
SHA256

5f65b24f78f86962aa0646abb4ea02eaeb7a7359d9e1f97e1d1cacaf1b698476
SHA512

2e6a8d0bf18c7c99dcdc8423afc0e7ad93957d87918fe2d75d20291fa2e7b08d4e3109b42fa9eaf9005f4d07d096c5559f5f36c87382eb5fe35c2c42fdc2e725
SSDEEP

12288:uV/0SU/ObTWGXgBmCIsFAVfIwVlXKYdem4z/V:vGbTWHxIZVfb7XKjmkd

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Targets

- Target
  
  Nexol.exe
- Size
  
  521KB
- MD5
  
  1eb5bb11035c35f7a4591e1e85938bb4
- SHA1
  
  6bceeaa5aea24f09dee83d2d7858170ff90dfb2c
- SHA256
  
  085c381ae6f97d43a82ba5960c38c4f37db85a51b9dd8cf2e2f671d5fd3dae56
- SHA512
  
  e7eaf7b852f3d88eeffcc2104cf2e1b56c20713c3f6bd4ceba930125fb4dcbaecdebc83489dea672b7d7f5358cf974a899a9022b9dc76dbbf44d4d6158e35ce7
- SSDEEP
  
  12288:utPYLwhHJ6mhUvkj0EGXgBmWosFArfIwFzXKWde04N/g:u2Lwr2kjRHnoZrfb1XK10IY
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer