lumma | 7b3083941d35440f68405d34098fccca38074d3123f56f39959aa9ee43f8dcdc | Triage

Sharing

General

Target

Nexol.rar
Size

2.4MB
Sample

250129-yh4qvswphj
MD5

c5bd8a7e12b48609d9caedd5990933b9
SHA1

b49599787fc18f43f28517ebd406f9ab9f8e626d
SHA256

7b3083941d35440f68405d34098fccca38074d3123f56f39959aa9ee43f8dcdc
SHA512

cb468f676e286d0283d75a792ef7b8831152b3721179f75384b1a7676848a6a679e8b60fcd75f2982ddc94d2e058aca03bc4cff602c2fac33fe64e9abe067687
SSDEEP

49152:A/mxjza/8h6ae9dPbv487XHO2g+Y1pEsiglrKYYqNMOaHcNHF4LQAZVs:Aux3a/f9Nv4aHmpligl5NMOicf3oVs

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  Nexol/Nexol.exe
- Size
  
  473KB
- MD5
  
  e7bb20054b7d3e33dd82f82ddc2e8b11
- SHA1
  
  8a2cd79e07948d2ea624010d7c7fb78ad249de02
- SHA256
  
  5b11c5df562c17c5f60e79b429ca8ed21c919b2615dfe45571fda92f261375cd
- SHA512
  
  11f20888be8aa7c1410bad7fe85ab90df852b9e6b465c2f634b2bebc5fdcbb21c0caea7fc4bcfb16ec77a8abd804267354e5c52d52c1e506b12d5ea65c819a43
- SSDEEP
  
  12288:npryC8zCrxmLFBWwvC/5h4RrSxVd5B1YVKw:nprygmI/34RUXw
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Nexol/Quadv.dll
- Size
  
  547KB
- MD5
  
  9591405073c6460e382343c75de477e3
- SHA1
  
  32d73c95f3a6f5470230dd21800de592c06d906a
- SHA256
  
  952dc4888a39c7ae027b323345996ff163af787e71103af323588df74be01f23
- SHA512
  
  d7cf6df8eea6128447ebd99a9c4c5823b0ae1919dfd30bb63bdaa277eb7e1a7226b0bb2da675b790cb4b6cc4262c26094a96c34b3d257439a02c80b5db0f7138
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNu:s
Score

1^/10
behavioral3 behavioral4
- Target
  
  Nexol/Xheu.dll
- Size
  
  86KB
- MD5
  
  e20f47fc6b9c5223478b583a73e58544
- SHA1
  
  28a793d431dec8a637cba226b76f96b05f38c719
- SHA256
  
  5b8835142581306c013b00c1989263e4db3f2f9940755d0a178af443393219c4
- SHA512
  
  523c32b289cd836894603efc6a3a7430df79ebd42f26e603cc72e2129eec003e575a34bfb5896b6a03c10e789b27ff9e76553f17773ecab972cc23cfcc12bfcb
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNF:Bdh411I
Score

1^/10
behavioral5 behavioral6
- Target
  
  Nexol/aah32.dll
- Size
  
  551KB
- MD5
  
  b0739745e782946a0dae3c0026e24d32
- SHA1
  
  702e88c1d3b23000db64028d688cda310d79d70b
- SHA256
  
  68810e83425efae5727d3ccf2aa0fcf82f571cd756c48c89869a55d952936bf6
- SHA512
  
  9390ff73c37db63721d957c59bbf46d198ca7fdc2246c340b735fab3c82bad33c3c757f466da89d1cbfc64ef43c543495499dc8036d43d1e477d0fc4f6cc9fa6
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNB:n
Score

1^/10
behavioral7 behavioral8
- Target
  
  Nexol/inject.dll
- Size
  
  153KB
- MD5
  
  b9845d2018ad4752641a4de3af749fc6
- SHA1
  
  d0c7ac1b38d43f2cd462cfff36dfe41d3af63057
- SHA256
  
  93af58358d1fb0b3faf592375dc1826caf172544223e8ce2ee4e63a4f6ee46b5
- SHA512
  
  56f2b98a2e9a31c25e6a5e32037997e888c51d4b20d04b9a8eb52a5db825af82b643a06919ea918829a8d9dd80dfc5cb000c77617e753610d7e66b6d6d32ea73
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNx:dx
Score

1^/10
behavioral10 behavioral9
- Target
  
  Nexol/version.dll
- Size
  
  183KB
- MD5
  
  6d7f976b644410f6251697469e25af61
- SHA1
  
  faa26974833529f162cde7273405bcc6a945a9b6
- SHA256
  
  bb83eb8a0ae75c425f6ec72af554e5f8158eb4ffa0a898e26b564fc0217c8ae5
- SHA512
  
  e160464239b42bdaade8a50e762e233053627c67bccd435c8431aff5efed36945f5524b5e1e56821625ff71456eb5b640ace959aa728d0cf186c1c91a7cf39d7
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNB:n
Score

1^/10
behavioral11 behavioral12
- Target
  
  Nexol/x64/Vsg32.dll
- Size
  
  5.0MB
- MD5
  
  a049ce8dec55021086e4231f299c470f
- SHA1
  
  5b693669572230422fbc57e888bcd218eb2a4a98
- SHA256
  
  95f8082fde571e1bbb885fa6b92d67f3bb8fac66337687e9502aa73f6ac37ade
- SHA512
  
  1ccd6ccbe964a21958ed8765724f4d5f5aa7b0d2e025614bf4fd6a929ed8b37b09487022a62207bcec211cb455c0c9d64fac13f27d8845e2e062b9d715512cfb
- SSDEEP
  
  24576:S9ChCwC+vwWi74+ZsEfw3fc/cUkwwKrfMarSS2EbJI/5Qz+LRWV9X1BylFDefUxd:S9C9oQMo
Score

1^/10
behavioral13 behavioral14
- Target
  
  Nexol/x64/cfg.dll
- Size
  
  5.0MB
- MD5
  
  7bfe885d87026d0d41dba5fb4173201c
- SHA1
  
  027637e1c7fd24a7bbaba6b926cce67e47d8e7dc
- SHA256
  
  2b529e8afa002053744bb4e2430513e7745f91b5052446ef2d0568e91d5b1280
- SHA512
  
  d2ded5d1c216900e340425f652c585398f2662f3aefe552e80161af90d1656d2ed202366c2ac794564dbf6eca0c1d769f62fcb979a0d666ea06540e389a30951
- SSDEEP
  
  24576:v9ChCwC+vwWi74+ZsEfw3fc/cUkwwKrfMarSS2EbJI/5Qz+LRWV9X1BylFDefUxd:v9C9oQMo
Score

1^/10
behavioral15 behavioral16
- Target
  
  Nexol/x64/x32d9.dll
- Size
  
  100KB
- MD5
  
  a969c4ddb06f8f7b82c6e1e1f5d38fe1
- SHA1
  
  923df45d86570bc4107c0dcc6bb9bbba2a9dfe74
- SHA256
  
  bf31dd26195b875bb45f91bc4e482eb2b1657b9357846b2ced154f23b713e0e7
- SHA512
  
  88668e48ad5d17bd88f91ce3b425f536982957622f52eb6579367bede19444a955eb3db588c9820bc35ee469aad0047cee007b7250b9bc722e317d158f131d1b
- SSDEEP
  
  3:GmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNmNd:SqsiCO
Score

1^/10
behavioral17 behavioral18
- Target
  
  Nexol/x64/x64d3.dll
- Size
  
  4.8MB
- MD5
  
  b744f5976b64674d00ba08631c4a07f9
- SHA1
  
  66dbc4b7a5fe9e42c8da94d7a7940023bb8b50aa
- SHA256
  
  fea44ec1aa17a4037b5d5b6de901232fedb17e8cebaca5c85aed1a335283b5f8
- SHA512
  
  9a899741a20f24377ead33430c641b933c32af55e01ed825c1c7aa7e438d39d6b60027021b479d7dcac48319bf2ea19c25ddbb048508d1e56d6aa224021ca1ab
- SSDEEP
  
  24576:S9ChCwC+vwWi74+ZsEfw3fc/cUkwwKrfMarSS2EbJI/5Qz+LRWV9X1BylFDefUxQ:S9C9oQMh
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20