lumma | 801397812be62baddb411c3ef74127bb1c55c725575de1e13fad5a3f6257ccaf | Triage

Sharing

General

Target

Dark Spy.rar
Size

50.1MB
Sample

250129-ye1vsswnhr
MD5

24ebd6a8c22657feb27e8558477d4cad
SHA1

62536287d61bfce30fb9f66e12d0e8afe2374467
SHA256

801397812be62baddb411c3ef74127bb1c55c725575de1e13fad5a3f6257ccaf
SHA512

7c6879b12d0b8e31c9eb5893664c383738e592d01cb5fd3041fd8590b317622389cb2dad8f308ac08991ece96e0fd4b741180aa73cd6e1c5a64f87d247201d22
SSDEEP

1572864:J47O4bfNxe/T6et/971XJLoMQfWoYOgnUhbXxz6/O:J47/fHe/T6elD5ksoYtU9xD

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  Dark Spy/Dark Spy.exe
- Size
  
  544KB
- MD5
  
  bdffc49e7282e00cd90a83af85162ba3
- SHA1
  
  a517c26434a583677564e2e173806a43d28d9368
- SHA256
  
  3531fd65021ae1c852211288c6c81fff47de860d30630e6367ad470199963fd5
- SHA512
  
  623c25584a089861d405362f7286e78c77208e7514ac97924a52f12261cc5a00d12239ad484e5a224abd37889a00cc5c2d43db38a761f702027ae750d37248c9
- SSDEEP
  
  12288:lZkEb6EcwNby4CVxkRngfx9JRV+K6ag77GybEBDM2:Lby5bkBgfPDV+pag77GybT2
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/iconengines/qsvgicon.dll
- Size
  
  34KB
- MD5
  
  c86f23d1986a6edf1943a2ffd562a093
- SHA1
  
  56d0058d0dc006562ee1b735bd9b48f558f0cb95
- SHA256
  
  f128b3a7154433b449ba1af0186d7af7f4d480a2a42d7d0d23102aacf0fb5bc9
- SHA512
  
  9f7fd9b85b5550925318f6e2823a5d5a8dc1cc1aa776aaffd63136289100b68dc59b1bc41bff8f13f9009a3dd0417335de6c7ac25f2e083290a7eeb00b39a092
- SSDEEP
  
  768:krdZm5mjw1lQR8Z3Zf3V+hFem0wKk84XmydDGFUf2hE:Su1lQQ3Zf3V+Lem0wKk849kUfP
Score

1^/10
behavioral3 behavioral4
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qgif.dll
- Size
  
  33KB
- MD5
  
  e3a1338efadabb9fc23d955af9a7e070
- SHA1
  
  dfbe82b183fff002a2e841d73474c78f646fdba2
- SHA256
  
  f1fa3bfeea6a600f2c6d209775154cee349b7f687cb4f7213a8cad8870dbb812
- SHA512
  
  0413a6116e227fa6a3dd7da6fa4bb8db59ed64fc16e37bfa49ca28c687fe791941b3a23193796eb0ece458e87f9f78f587b3a1fe0f188b63b9148037997df1a2
- SSDEEP
  
  768:aL5MPkjurnzyuVlfehyScQeOYGuOU9OOHhTNAYFdDGzUf2hW:aNYnzyuLeEfQeFGuOU9OOHhZAYFOUf5
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qicns.dll
- Size
  
  37KB
- MD5
  
  a59edba49d8cffbce76000842eba6135
- SHA1
  
  9a93760424c7908c105156e97a47ef9e12a242db
- SHA256
  
  525f3e144e71caaa42a981605b3143462e057b82e7ff946e896e9aeec4f83038
- SHA512
  
  908de81da06ca9e7b57c98482a5420136720da67fba4f58e7ad5f877af8af00fa82ef69299102851715d850cf086531fd0bca083f72bcb9c52355d06aed0da5c
- SSDEEP
  
  768:nw7o5IoYXrOOmYaRCNOq9QNdhVJ0hBEH3lMwAJXGdtpZmPdDGGzUf2h2:w0BIf9QvJgEX6wAJXGdtpZmP3UfP
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qico.dll
- Size
  
  31KB
- MD5
  
  7200f8e1af1c6a60501d5fef7772fd0b
- SHA1
  
  5f2bac81a60f7fdfbe8b1a01f111660a3614d679
- SHA256
  
  35cf0ae6bcd1b8322482d40bf2dd693e276548885284b88e6631ab18a0c2c60e
- SHA512
  
  097835d4c8c61c2489e831b31a8bb6f2feea277439d6697b6e3165ccb6e4758986c9a1fa754696da53b6005a041156ff8bc455a71dc31ea799f5891348a07f22
- SSDEEP
  
  768:1wLKUeP1ob4OgufLCJGqU2SZ6HseQdDG0Uf2hKT:4KUeP1WyufLCJGqU2SZ6HseQ9Ufz
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qjpeg.dll
- Size
  
  365KB
- MD5
  
  438b696a9811cd821bbe2c54b5c1b4b1
- SHA1
  
  55eb74a0015228b1e6c1dc97e6f427c9dc804587
- SHA256
  
  84c23191b5e35eaf899358c21445a5377845c0653668bbd99b1aa8796e0248c7
- SHA512
  
  961ed9cfcd61a1fc32de89cb97100aaa9a9225c80673b2176975bf62af7f3a0e77a91fb723ed52c553e10a6f754a5e8c8085bdfbd56ef2de8144c53bf41f4e91
- SSDEEP
  
  6144:QsC804cB4tEXoOitMk5R8vsLK0LXz5pmglF90l7s0aGajl8Z9cg:Qr4bOzk5R+s5LFg9cg
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qsvg.dll
- Size
  
  27KB
- MD5
  
  ac3a9b355c4613b4376392a4157280a7
- SHA1
  
  9ecea6ac45da1a0666c1d2d86618ce85c887b1ae
- SHA256
  
  96868c0ae9041d65b0599fb7a0fadc0f0e551d6dee85597065e42e2ed3ebe1c5
- SHA512
  
  6f4a999d63e448c3d592a6557e1924d13811fc982c8b3e2017a8970d057fba73ca4ad646d22d318ebe6de939cf6c0ec3f2ae2546da801a5583dfd0cd807ee9ec
- SSDEEP
  
  768:WV5VVvwZ12uh991MD9dhQwe+oQQUcesJbT73dDG5Uf2hg:IvwZ12aC9Qwe+ZQUbsJbTLwUfX
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qtga.dll
- Size
  
  26KB
- MD5
  
  367c723591fde64c38202d4c0f5ecfde
- SHA1
  
  c13d74f417601c656f343f00d15e56517ee03b6a
- SHA256
  
  ccd620e74045d9c9157903120140b97419cbbe91fd43337e640c67cd4522072a
- SHA512
  
  31c084ba00e094e30c6f912ecd045e19c4451d8783a80dc99b99098f84c5500665a35ac901b0fde84d04df898ad67448e83539a7daa4928e8c78f798b359b256
- SSDEEP
  
  384:kg8gKOwVg6VjbFnOfEIzPMoVhWyrsdnyBSxQrrVIyndDGdEDgf2hR:kPxOQXOfEnoVh5/BSxQrxIYdDGKUf2hR
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qtiff.dll
- Size
  
  345KB
- MD5
  
  49b6f0ba901f649ab110744e34076951
- SHA1
  
  4c9eebadb5b86147ea94f48eaa6705a4b75b3e61
- SHA256
  
  5128aedf4bd9b747ac848bf85e0ffb99ba814bd8e671adff7d26391d31259050
- SHA512
  
  b42a13f0215a194f77781ac74cf55c24a0f0bc99cc872ea06125cfe12ffef93add0665991339db3b7962262e6d381f20227da3272360450b53993d06bc0ec98a
- SSDEEP
  
  6144:BpYIdJpn0zXsT6DP64icIkjEkaNCTjM+8kBHWNFnHJXGFkDQDWr:jYIp06+IkjeNGjIkZZKr
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qwbmp.dll
- Size
  
  25KB
- MD5
  
  7a05c8435fb60f43958120b22b653b54
- SHA1
  
  79d7122e4ab89dc9978fcd48fcbf0c6b8ae3f690
- SHA256
  
  7c946f750413716a714884c8836d24aa6d2561b48e7f3397bab88af348e078ec
- SHA512
  
  74800a623e4789c245095b6ad0cc03ec8eb00431487e7977bd3bc5cbf0278480474d74fd194873f220dd5682eec88864095659315f68d650c1cc8b40435b182c
- SSDEEP
  
  384:j9NLeETizwsASWjsUE2rBiQtp4VmsdXurvZJ4EndDGgDgf2hcU:xNLXiHAS+E2rBi7mbrvZJPdDGgUf2hcU
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qwebp.dll
- Size
  
  402KB
- MD5
  
  b9416990af043ca8cfa668121184c05d
- SHA1
  
  4181d92e91704b961a22b51713705d53dda0cf51
- SHA256
  
  50fcf1fed7612ae4c346d7ae7dec3ebbbd2ac31c5e954263a7bbc655502e3b03
- SHA512
  
  e303e4b166ada78dbe75639b73efe275a0e4f49a1cd2da5016e1f31a1a012aee383e6acc21d63561e78321b1e162ec9cfec3915909e698d2064b1fb0dd33de76
- SSDEEP
  
  12288:llTSf8S+PHunhrYzVcS/CQVy7wycv+QrUwDHHgxgG:L08S+PO1OVcS/XVykyI+4M9
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/platforms/Qt5Core.dll
- Size
  
  5.1MB
- MD5
  
  b0260ca926759201b9ba4f39cbd43d78
- SHA1
  
  14ce6f859e51d5e27e84c8d0428a3b4b5bfed546
- SHA256
  
  c8946ad803fbda3206037834b5e7ea2c96d1f923a86b4103a0569edf5812b899
- SHA512
  
  e6072094350340c5b08bbb972d1f787583191b57ccc18e6c82da83a28dcad58d7a78072e90cb2324fff6324a3954ed364967881540983704491046ad2d414314
- SSDEEP
  
  49152:S1AH+7g4QrRpvOK8Bbl+Gy+/LZsxRFNHlZTlJsv6tWKFdu9C/cPk4VHEYI9CV4eO:c5gje5lCjzJsv6tWKFdu9CtvDhgwcY
Score

1^/10
behavioral23 behavioral24
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/platforms/Qt5Widgets.dll
- Size
  
  4.3MB
- MD5
  
  98895845aae307f925e28af6068c675e
- SHA1
  
  d70089fe67deee3c196c3e3df48b046cc712273c
- SHA256
  
  8045f9d0fd9dad5a6f48710afeff66da61c22abd4a96d8a62c6941de27b7b2b3
- SHA512
  
  9cd6da2867717b31b92345cda83285c2d188f0670a05ff7530a70f8120699b775415783f7b9b0c81272b43a7ac887caddb0c892c143497e1700cdede52ea0a34
- SSDEEP
  
  49152:Gpo1FNXS+dh75PMvZZNNt+iIo5uL5Sdbtye6cEu0n:UIPqZZUfwusae6ju0n
Score

1^/10
behavioral25 behavioral26
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/platforms/qminimal.dll
- Size
  
  685KB
- MD5
  
  2afd07c16a47b2cde639d777ca7224eb
- SHA1
  
  9a08d20b993c9fb2d070d69ca8e7642dac96df19
- SHA256
  
  81e59d22d5efdc2de84c75386bf136c9e4417eb9164decafb4198d28f29dba8a
- SHA512
  
  b69facb50c0f8ac0c6e994be16509190e57100905d6689b19f0ceba2dcf13a9ae4ec17b2302b9214c32a25d2896aafbeb8e9b4272e1a421b4020963afbf87051
- SSDEEP
  
  12288:49mqUd6YYwP+SbYFBsBHd5TsB0d3zV21lnjbduklgo123zDfEWmd9:49m4Y1+OYABHDsB0x41lnXIeZP
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/platforms/qoffscreen.dll
- Size
  
  614KB
- MD5
  
  e32bf024e3527cbefcd95e5db93bb8fc
- SHA1
  
  705ac738b7ad7281f31a8197053515a87d7a5099
- SHA256
  
  e8a180285147394733db92a532025a36824ea9416b993dfdcaa8e19a66b8b1b6
- SHA512
  
  032d5069c9e0819465c3f566d8555abf6fe569b4b8b22e67083469f69eef5aa03acb99e0b42c90280aa36396ab6152a4d00a985af5fd4c92d2428ea8ed2e7001
- SSDEEP
  
  12288:FU09s7Ydf07Kw7AzQXSCjsBn8fztOnULj6TOZs8AADIDfEWmmPJ:Fs7q0+wIQXHsBnS4nULu6PZg
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Dark Spy/Engine/Qt5/Qt5/plugins/platforms/qwebgl.dll
- Size
  
  397KB
- MD5
  
  c5a4f23c2f1cb00fac420ef89aeebb47
- SHA1
  
  2f1e73e076683c1f87081bb8ea97f007714fe8d9
- SHA256
  
  30dfc5f5614427cda0b4c97f25c2d6d19702562ec33e49c020768288ca1bea7a
- SHA512
  
  b67acc32be891ccaa2615b575d2a7b213917f3f6e78fac28d03b76f3eb48d04aabc96ab77190eca31fb3bce965e53657e2d37b2b71c379b4e96d1bbfb1e3c019
- SSDEEP
  
  6144:/Tq4StevYAunBi2Sq2DXfz3ARHh2nyPIqGfrTacq1iOCJ:/Tq4GewBrSdfODIbJ
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32