lumma | c7258d057f5072211b50e9edcda0bf1d63b8285c4a463ff81ebbe036aa850862 | Triage

Sharing

General

Target

Newfolder6.rar
Size

6.1MB
Sample

250124-vzn5ysyrdw
MD5

27b4dc830b401a9ef6a405b25f991c9c
SHA1

960071c674b6d7c0066ccf4ab7d9fb31c958567a
SHA256

c7258d057f5072211b50e9edcda0bf1d63b8285c4a463ff81ebbe036aa850862
SHA512

f5ec58124c86ba3f67c8c86fa1899ee6eea3a27e4c46e59c3d997258af548a2e15cd7db5e23c6c89cf4fda2b555b38e7c69b66871e09fb2e0fdd5de5e75301dd
SSDEEP

196608:1hIil4GQnWGqXX2eDUgfFlHNY6k8ak1u4:uGQWT2SJftY6khV4

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Family

lumma

C2

https://uprootquincju.shop/api

Targets

- Target
  
  New folder (6)/BoostrappersSv.exe
- Size
  
  1.1MB
- MD5
  
  363a51e95adbad71753bcb5674316536
- SHA1
  
  0e45bc776c0447c348ecd6764c04ecf14a3c6602
- SHA256
  
  50053689dc55232b8df6601c03021b8fd62696bdcae3fcc4ab412ff730f24eb2
- SHA512
  
  a2c7b3bcc8abf08ed96b5295a17f04c947f01a1b665f016d2a1ff053bce0a366871b687fd9f541f58095ad749f4854db412f4f8fe7c7e5e40e51390a270a38f4
- SSDEEP
  
  24576:qwhppQXcyjToPPlBmna4rs+fUfgehHoe02NVO6:LppQMyAPPl0rs+MIehHpnl
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  New folder (6)/script/de.pak
- Size
  
  367KB
- MD5
  
  cfc9d90273c31ccf66d81739aa76306a
- SHA1
  
  ecab570041654b147b3dd118829e2f7ae668f840
- SHA256
  
  8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a
- SHA512
  
  c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380
- SSDEEP
  
  6144:F+QNkAjzYyqSFaPjON3Be0mzBWCj0Xs5HgIxBI0gql:cQLjMyvFaCN3mzBd5xy0gql
Score

3^/10

execution
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

behavioral3

behavioral4