lumma | 253cdcfd6f8b6e52133bc59df92563e432b335d2a207f2f8e01fac2423ccbac8 | Triage

Sharing

General

Target

c.ps1
Size

533KB
Sample

250126-lh65rsyrhr
MD5

caa47a6cade8d516436111856cc80e9b
SHA1

972855c99b5d2df23aa7d329279e34dde2bbdb34
SHA256

253cdcfd6f8b6e52133bc59df92563e432b335d2a207f2f8e01fac2423ccbac8
SHA512

133809dc06d36b727e7c79ec9e2dd86ec1520d559072d3b4f4f0e526cf3eada4a8bd573694c33ac9543bab0d8bcd7d3de1509eba6b98be94e6dc98bb2e92047f
SSDEEP

12288:ZcTOT1uStOOovc4mkab9NY+2GyKKRoiOwFL9:ZcTPStkvcVZT2GyJoiOwFL9

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  c.ps1
- Size
  
  533KB
- MD5
  
  caa47a6cade8d516436111856cc80e9b
- SHA1
  
  972855c99b5d2df23aa7d329279e34dde2bbdb34
- SHA256
  
  253cdcfd6f8b6e52133bc59df92563e432b335d2a207f2f8e01fac2423ccbac8
- SHA512
  
  133809dc06d36b727e7c79ec9e2dd86ec1520d559072d3b4f4f0e526cf3eada4a8bd573694c33ac9543bab0d8bcd7d3de1509eba6b98be94e6dc98bb2e92047f
- SSDEEP
  
  12288:ZcTOT1uStOOovc4mkab9NY+2GyKKRoiOwFL9:ZcTPStkvcVZT2GyJoiOwFL9
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoveryexecutionstealer