lumma | 88be9326e3346393b29458adc255487af80b27397cb51b81998f310e3e5bd581 | Triage

Sharing

General

Target

C44.file.C__Users_FAT_AppData_Local_Microsoft...dows_INetCache_IE_TP17GFQC_random_1_.exe.NtClose__.1037
Size

465KB
Sample

250129-md6h4stjdj
MD5

8ef91a0832f26ef03ba04fc0503ea6ca
SHA1

5e79b2d9b66df06ae4a161990cd411f255e5b612
SHA256

88be9326e3346393b29458adc255487af80b27397cb51b81998f310e3e5bd581
SHA512

2746f29d1c53075dc5844cc1a85c2139a8168533777bcdab01d81f729ceace438a19aa8e8835171507c544c35a8c9ba8b46e34600e2009cf1c758e53ca82297f
SSDEEP

6144:VKghTpr9EVw+yNv9WBdJz147ZdyNNaTgW1aGSqbZCLnrCpIZl1iatmr5bNLsw6j5:jpryyS5z14+NYUCaEZCbBLzY7sRiCl

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  C44.file.C__Users_FAT_AppData_Local_Microsoft...dows_INetCache_IE_TP17GFQC_random_1_.exe.NtClose__.1037
- Size
  
  465KB
- MD5
  
  8ef91a0832f26ef03ba04fc0503ea6ca
- SHA1
  
  5e79b2d9b66df06ae4a161990cd411f255e5b612
- SHA256
  
  88be9326e3346393b29458adc255487af80b27397cb51b81998f310e3e5bd581
- SHA512
  
  2746f29d1c53075dc5844cc1a85c2139a8168533777bcdab01d81f729ceace438a19aa8e8835171507c544c35a8c9ba8b46e34600e2009cf1c758e53ca82297f
- SSDEEP
  
  6144:VKghTpr9EVw+yNv9WBdJz147ZdyNNaTgW1aGSqbZCLnrCpIZl1iatmr5bNLsw6j5:jpryyS5z14+NYUCaEZCbBLzY7sRiCl
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer