lumma | 8139fd40d8ab568339c80f0c842f4b4221e252ff1c5bf656dc18392be1bccf9e | Triage

Sharing

General

Target

MUV5O_Setup.exe
Size

1.1MB
Sample

250126-pftcnssmbk
MD5

a34ee547e2668d6daacf56fbb8f4dae0
SHA1

a369e5b4c65acf7f899583dbddac4fb9ad7e6071
SHA256

8139fd40d8ab568339c80f0c842f4b4221e252ff1c5bf656dc18392be1bccf9e
SHA512

25066ce40f7023e9dc64b639a2da95360e5709ab5ef71a2a185e54944e7d6aa4e5b68a76f22a41f58061fb50119a20434371a57f9cd7f3b03be0699ef7a7b01a
SSDEEP

24576:suMKVkMPBB2n+mRSX43Q4C1EqTY34L8gQ6cHTwkpLob7Tb7j:WK+ow+m0XgqsoL8gsTwOa

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://leerborisup.shop/api

https://toppyneedus.biz/api

Targets

- Target
  
  MUV5O_Setup.exe
- Size
  
  1.1MB
- MD5
  
  a34ee547e2668d6daacf56fbb8f4dae0
- SHA1
  
  a369e5b4c65acf7f899583dbddac4fb9ad7e6071
- SHA256
  
  8139fd40d8ab568339c80f0c842f4b4221e252ff1c5bf656dc18392be1bccf9e
- SHA512
  
  25066ce40f7023e9dc64b639a2da95360e5709ab5ef71a2a185e54944e7d6aa4e5b68a76f22a41f58061fb50119a20434371a57f9cd7f3b03be0699ef7a7b01a
- SSDEEP
  
  24576:suMKVkMPBB2n+mRSX43Q4C1EqTY34L8gQ6cHTwkpLob7Tb7j:WK+ow+m0XgqsoL8gsTwOa
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer