lumma | 4b1fd00e04511be6e7d9050313a3703dfd1befddb063c916065a9a5995e66d7a | Triage

Sharing

General

Target

2025-01-26_cb6ee3a0f7ee99282680e99514fecdac_frostygoop_poet-rat_snatch
Size

8.6MB
Sample

250126-f5tkasvlam
MD5

cb6ee3a0f7ee99282680e99514fecdac
SHA1

aa1b376ff50a4a027288b8633d65bc3bddab2cac
SHA256

4b1fd00e04511be6e7d9050313a3703dfd1befddb063c916065a9a5995e66d7a
SHA512

4b77d3a8c023295ddb120b3b021a62197fe398b52323d795b20ee6c9c71758e2fa921c5a480ab45887e22a9de89343ea273e031f0d9ce49754e1cb26c1b48880
SSDEEP

49152:5bB5CXZxWxS6fToCa1JJly9m7xEsB/5+stMMv8Kr3PjtPE8E2DhP8qTg3+Ufv8C5:5bb8sSes1JJ2WOsDvvN++0rOhJCOUC

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  2025-01-26_cb6ee3a0f7ee99282680e99514fecdac_frostygoop_poet-rat_snatch
- Size
  
  8.6MB
- MD5
  
  cb6ee3a0f7ee99282680e99514fecdac
- SHA1
  
  aa1b376ff50a4a027288b8633d65bc3bddab2cac
- SHA256
  
  4b1fd00e04511be6e7d9050313a3703dfd1befddb063c916065a9a5995e66d7a
- SHA512
  
  4b77d3a8c023295ddb120b3b021a62197fe398b52323d795b20ee6c9c71758e2fa921c5a480ab45887e22a9de89343ea273e031f0d9ce49754e1cb26c1b48880
- SSDEEP
  
  49152:5bB5CXZxWxS6fToCa1JJly9m7xEsB/5+stMMv8Kr3PjtPE8E2DhP8qTg3+Ufv8C5:5bb8sSes1JJ2WOsDvvN++0rOhJCOUC
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer