General

  • Target

    tiktok_v37.8.5_premium_mod_apk.7z

  • Size

    17.2MB

  • Sample

    250123-sy5efatqcw

  • MD5

    6240fd3a1124fef6af3c67590799be49

  • SHA1

    95ae4bee747eafda81d52882900ebd0cdda59608

  • SHA256

    0be6bc2d9b159620e3043218265fbb11b2b302d23ca5bb9cf0e6d8577582d607

  • SHA512

    3fe62fcb9d291c30365464dc14e93024865d93f93a97e9599a989fd8fd6fc24574f5d577a22deeb8d4292f0d1146e50d4a1c97888a5027bed7d484412f85dd91

  • SSDEEP

    393216:UDcBcN5eXOQ86xZjMSoEj+5WbtdTzspPuaoiTgPSvo0:HmN5LiZjdoWsWbkL5vo0

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Targets

    • Target

      appFile.exe

    • Size

      843.2MB

    • MD5

      d8adeff8cbaa54d6e812c7678a42e2cc

    • SHA1

      7dba52751f7162254b06ee0b39d83b906e3d194c

    • SHA256

      85215291ac6eba0e637b92c6676147fc0e62615f5c3492e5a41076efd7efef17

    • SHA512

      f86927cf19dc62d338d59b2999a77b44f65f27beef8da95c4cb953e125260df82b7e7e01ef43c8ec5a81518396eda167bbd28747199c1bf00fb38794897e18bd

    • SSDEEP

      786432:3OZ1sUMG3o+jg2AFRiN5ShM1snlKtnzkKcKW:3mSCYCKiN4hM1snlKtnzkv

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
