General
-
Target
sample
-
Size
2KB
-
Sample
250124-vgajvayjcv
-
MD5
11dd8a33860b676fce1bd3d687405da5
-
SHA1
73145232e85321df1b21966c3e57ca2e85158ad7
-
SHA256
2e40f403e927761b1f091c34bf804bf7647b39bf9c33b16283f0ece2f7eb471a
-
SHA512
da82a6b98590c51365c109f134232e066063580e77c8bae8fcf3d6d108daee12caa2b6d268c2c4b4211da73b31bce80ce87d4f9458de2ef28fc913a103c01756
Malware Config
Extracted
lumma
https://toppyneedus.biz/api
Targets
-
-
Target
sample
-
Size
2KB
-
MD5
11dd8a33860b676fce1bd3d687405da5
-
SHA1
73145232e85321df1b21966c3e57ca2e85158ad7
-
SHA256
2e40f403e927761b1f091c34bf804bf7647b39bf9c33b16283f0ece2f7eb471a
-
SHA512
da82a6b98590c51365c109f134232e066063580e77c8bae8fcf3d6d108daee12caa2b6d268c2c4b4211da73b31bce80ce87d4f9458de2ef28fc913a103c01756
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1Component Object Model Hijacking
1Modify Authentication Process
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
2Credentials In Files
2