lumma | f2b49627af9961a6e4888c21b12d524dfb97545b4b479d5c5c75cd396faa0b61 | Triage

Sharing

General

Target

Tool.zip
Size

3.3MB
Sample

250126-sb6nzswjfj
MD5

5c7251cec366d74b79c1efe9531688aa
SHA1

7fc2ad639fc7d8b2624ffbc64d26df29d564cf3c
SHA256

f2b49627af9961a6e4888c21b12d524dfb97545b4b479d5c5c75cd396faa0b61
SHA512

57820f7a5d4b5010645dc3dc3fd56b8bb0dc6b561ac8a30e31f472e4b25b2aa57a047b0aed275f9e924855d9461b5102ebcc6a17d84dfc33d1ca60eaf5e4a25a
SSDEEP

24576:elrdQHd+wp5BuM9oAt2A/R6S6hvsHSVGCHPo:eVaUQBuM9o02Whasysr

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  Tool.exe
- Size
  
  652.0MB
- MD5
  
  85ea77a023d78c44c4f8078b31ec4860
- SHA1
  
  6ce9e74aca1f17bc710b4aa544da83b4300b0f53
- SHA256
  
  17d3cb09bb6f2bec988268b6c4a7ae97b4afc5bf46813577c62ce554f1510ccd
- SHA512
  
  692666081ce8c9499890608043c58edadccaa409ae87b5b1996b1607c8717eddd61f11fc8522316278bdd3635ac9becd267b54cb840769e0f3495a0524fe4921
- SSDEEP
  
  24576:Rqc0KbQHLoN5rusZoANaABR4K6VRi7ytGCBi:ccyrsrusZoOa8hsieE5
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer