lumma | a70df4bb505ec1c98001c77b542622059c3558833718f5433c39eb4484930c50 | Triage

Sharing

General

Target

Zotex.exe
Size

494KB
Sample

250123-sgl7jatkgx
MD5

0fac30c3d1a3f9c82a4db37c25f40786
SHA1

d444a766986655266a3b5f8cabbe14c3356cdf35
SHA256

a70df4bb505ec1c98001c77b542622059c3558833718f5433c39eb4484930c50
SHA512

e71be065b3e161074eed2c363054f7505590b623bbcbc2ec1f5a0dce1ae39b8078a7c819a20c6f2b26ea3d1e466223b7e5073a853de23fd2ee8c94917a7795f9
SSDEEP

6144:0nhInz2I5HO4UmHjmd0JHpRs+MLOwCllGvCclptIBpC5iIxxYXy84GkQ:jn5RZjmeJJRsFLOevCsIgd0J

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Targets

- Target
  
  Zotex.exe
- Size
  
  494KB
- MD5
  
  0fac30c3d1a3f9c82a4db37c25f40786
- SHA1
  
  d444a766986655266a3b5f8cabbe14c3356cdf35
- SHA256
  
  a70df4bb505ec1c98001c77b542622059c3558833718f5433c39eb4484930c50
- SHA512
  
  e71be065b3e161074eed2c363054f7505590b623bbcbc2ec1f5a0dce1ae39b8078a7c819a20c6f2b26ea3d1e466223b7e5073a853de23fd2ee8c94917a7795f9
- SSDEEP
  
  6144:0nhInz2I5HO4UmHjmd0JHpRs+MLOwCllGvCclptIBpC5iIxxYXy84GkQ:jn5RZjmeJJRsFLOevCsIgd0J
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer