lumma | 2e96258f3dd21d059f59831295d32d324a849c87bc5a2149a49c97fcf5783558

Analysis

max time kernel
120s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2025 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25/unknown-e49324f54cdf00a226d1779157391c9c260ddb6a5179ece3276f326052b95962.exe
Size

2.5MB
MD5

592dfc2c69751ac75147467449ed271e
SHA1

16df4b6679091b52db2baed0e535b22f418fed5c
SHA256

e49324f54cdf00a226d1779157391c9c260ddb6a5179ece3276f326052b95962
SHA512

f0bd781a7ba5d6f43593d0ca67daa7196207960589b7ed7c22df0f2325035b7e4527963dfe4e0111ede7b8be48e7fba30a2a4be1ac8f07d9cc432bdbc34bd773
SSDEEP

49152:dFUjNrQNRdtz/izuOBU0+djAeSlj2taFwuJxWvIT6tXdsQtEr8haJ:KN4vz/izuOBadjAeSlj2taSubWAT6tXY

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://rapeflowwj.lat/api

https://crosshuaht.lat/api

https://sustainskelet.lat/api

https://aspecteirs.lat/api

https://energyaffai.lat/api

https://necklacebudi.lat/api

https://discokeyus.lat/api

https://grannyejh.lat/api

https://movementby.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unknown-e49324f54cdf00a226d1779157391c9c260ddb6a5179ece3276f326052b95962.exe

C:\Users\Admin\AppData\Local\Temp\2024-12-25\unknown-e49324f54cdf00a226d1779157391c9c260ddb6a5179ece3276f326052b95962.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25\unknown-e49324f54cdf00a226d1779157391c9c260ddb6a5179ece3276f326052b95962.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4484-2-0x0000000000800000-0x0000000000900000-memory.dmp

Filesize
1024KB

Download
memory/4484-3-0x0000000000800000-0x0000000000900000-memory.dmp

Filesize
1024KB

Download
memory/4484-4-0x0000000000800000-0x0000000000900000-memory.dmp

Filesize
1024KB

Download
memory/4484-6-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/4484-10-0x0000000000800000-0x0000000000900000-memory.dmp

Filesize
1024KB

Download