lumma | d98b0c354db1cd2253eac1b87eb85e5e93b0c0d089dffddba8b85a4f740c4dd4 | Triage

Sharing

General

Target

KMSpico.zip
Size

7.8MB
Sample

250127-1tbwbsxmej
MD5

773712f020bb254b15cd5f7456c2ec7e
SHA1

495b44de6599b32c5561880852b3761abe918a61
SHA256

d98b0c354db1cd2253eac1b87eb85e5e93b0c0d089dffddba8b85a4f740c4dd4
SHA512

741054b519fd4b1f21dfecc356435c2da7a2f5c9e94f34a45d5971f6e6c9e49edc08ed2ddd6d1fbc8b7cae5a1fc1ba49bd5ae2cf2e8b1f035f3a4709dc1a65df
SSDEEP

196608:yoV3FJeVVUNmRFs94NkxrLSE0m6S0UxFwvidl8SmR2kDMu7u:xFjiV6AU4NafSE5vcSsou7u

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  KMSpico.exe
- Size
  
  8.4MB
- MD5
  
  ca48226df272a89b2d2622eb0ea90e2a
- SHA1
  
  55a245e4d74b6085fbb500474195e01bea262f68
- SHA256
  
  deb84edb1b68cf868beb0e84e40d06cc101ee1cde8ca03e112f710db6ca07bfe
- SHA512
  
  e2130d93b671834dfe3b306fc1603af2fff84163991fb4490b17113585528b56b2f310cd37974aaf650567d6275f17e248286561e0b1e5047eb9060e7edfee73
- SSDEEP
  
  196608:lHg2bkWJWRVifVqP1kyyM5r9a06OgR7JzvygVgCKaUoK6kgSvxQv:lHg7WQ19kFyg06R1y4gCKI52xQv
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer