General

  • Target

    greeting_card_factory_deluxe_v11.0.0.6_pre-cracked.7z

  • Size

    5.6MB

  • Sample

    250129-qjw4eayqbw

  • MD5

    0ef975861755ccdbc69562605222e13f

  • SHA1

    7139a45d44a47b6773f003ac56ff66865daf598c

  • SHA256

    9dbe47354cb359eb6d95d8715bad32073e34a6967813ebb44a9f4b2d2d240987

  • SHA512

    3cc0045ab75bd860777f8379a31c10558b37f3cce2bb71513e9e893515be56583ae1c0dc338c2a79c8d15d292c9c382a67e74630d24ea003296ae3b189633928

  • SSDEEP

    98304:8mup+RXZI9sFTvoKmx6brV+JmO5NwThPgmow8iw/b5mpoDx/Jd07ncuMH9tb1:GKXPBgnx6brcJMxOZ5hxb07nZ0tJ

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

    • Target

      greeting_card_factory_deluxe_v11.0.0.6_pre-cracked.exe

    • Size

      763.3MB

    • MD5

      9686bb5cdd748b208016c2339d4521a7

    • SHA1

      a281343f996125606f454eb45b2c176977200bec

    • SHA256

      6870274af78654a78c6587586255c288a802a44ed62d1fc9dd92959cf629ab67

    • SHA512

      ecdeda34707ee004547b30cf546a7f41aa6701ed847f371d656913677eec9f2a9f9a8f7987775d990f91d957020c7461c54b5a91d14ef3faed3aa4d77c10ab5f

    • SSDEEP

      196608:pb0fAErblQwA7oXuX5TZYr94wRwSXYPi/5q:F04Ec7oXupq4vSXci/5

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks