lumma | 965e50b6520fa5584c6f92b2d4063461fcd5019f2c5b04c806d90d023a923846 | Triage

Sharing

General

Target

A.zip
Size

367KB
Sample

250124-rx4wvavkfl
MD5

10cacf33f623621b12d8af0b062e173e
SHA1

2ea875206f0eaa799e5ac7df626a8466f6179c46
SHA256

965e50b6520fa5584c6f92b2d4063461fcd5019f2c5b04c806d90d023a923846
SHA512

3cb3fab481763feb5b3f515eb5f445b93190068d2098f4022af632322e9371620ea0096029b84d562171b9cdd5d40496442c1240c3ef1e4939da20164cfb618a
SSDEEP

6144:NcUAjZfPb/TEFkERUK7L2WMmo2NUPXlYpqC7kMGcZ1sWbEmroFVGTG2:Ny9PEFlRv7L2WMGU9YpqQkMf1sWbEmaI

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  AERO.exe
- Size
  
  395KB
- MD5
  
  4a5fd8e72daca83a621f63e4ee3f7fab
- SHA1
  
  faf9eca5a09bad422490112fb299d887f975c581
- SHA256
  
  8414d9d2fb54911bbe5649cdc7ca80e61479a3f1d5d707f2a6a91d5477be188f
- SHA512
  
  dba4ee4b4487f773207349cf4f3214ca4d6823f769c1c66e90d1e3b169f923cf793e7df2879a20663c5e00bb48bca6b2bcf3cef7f1753902b755734e5136962f
- SSDEEP
  
  6144:td13dkERUKVL2EMmoiNUvXlYpqCVkMGaZ1AWbEiroFVG7Gz:H13dlRvVL2EMKUdYpqUkM31AWbEiaci
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2