lumma | ac5d5310123af70db0e6985072448e19e1e714f709a74743a04094807f25c363 | Triage

Sharing

General

Target

Aura.exe
Size

494KB
Sample

250123-sheh3stlay
MD5

4a0b331b2989396ec96ba086515716cb
SHA1

bc83cfc66f9feb3e3a8e73a0c1a97e057b2599f2
SHA256

ac5d5310123af70db0e6985072448e19e1e714f709a74743a04094807f25c363
SHA512

0425e5883f985b685fa390e03f7c6b49de8ca7ab52f3038fcdc564c4e1a8be26405fcbe2810b08b2c0ee75501920a411bbac8b0b2009b633eb2eac479d7e0b4a
SSDEEP

6144:pnhInqREf6XFMCPgcARByZeCVUgArXnqAgAAReV7s+bWu0ELvfg2vD0B1XkQ:jREfjUgBRiUR3qARAReUu0Er0B1XJ

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Targets

- Target
  
  Aura.exe
- Size
  
  494KB
- MD5
  
  4a0b331b2989396ec96ba086515716cb
- SHA1
  
  bc83cfc66f9feb3e3a8e73a0c1a97e057b2599f2
- SHA256
  
  ac5d5310123af70db0e6985072448e19e1e714f709a74743a04094807f25c363
- SHA512
  
  0425e5883f985b685fa390e03f7c6b49de8ca7ab52f3038fcdc564c4e1a8be26405fcbe2810b08b2c0ee75501920a411bbac8b0b2009b633eb2eac479d7e0b4a
- SSDEEP
  
  6144:pnhInqREf6XFMCPgcARByZeCVUgArXnqAgAAReV7s+bWu0ELvfg2vD0B1XkQ:jREfjUgBRiUR3qARAReUu0Er0B1XJ
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer