lumma | a8e7fcd3082840075dae30a1604cffb215299f554561ba6258658d5511bb9d6d

Sharing

Copy URL

Twitter E-mail

General

Target

NewRelease_127_337_393.zip
Size

7.7MB
Sample

250131-xkxvnawnaq
MD5

0c5f3b153870254055cf385ed7284896
SHA1

9deb8d970e1d22c88fa570c23010c03e8c1428a2
SHA256

a8e7fcd3082840075dae30a1604cffb215299f554561ba6258658d5511bb9d6d
SHA512

3005f86fa5912e2d26cde18c1030b5856c959b515ad988031d2f1b4c55e261706e19488f2137625d8968556144a330ab46838b161ce0d4eddf88963ebd72dea7
SSDEEP

196608:cWB0gVukWXTUOGqFlbQN5HBVN7VByCcTKo37rKEAdZu:R0gVpMbFl8NRBVNBvkKEws

Score

10^/10

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Targets

- Target
  
  Update.exe
- Size
  
  3.5MB
- MD5
  
  ecb87738003ef92685d0a9396b882bd6
- SHA1
  
  e2f884090c4e2177e658686e340176e9ecd025a8
- SHA256
  
  c4821dc8c71117c07f60d1e35bee01ff45fb9f4f3096a55e5a44227bd18faabe
- SHA512
  
  3aadad8d12edd4df9b1ae45d55b4e4438bb436be5003eedd6fd73a34f2dbcd727f0294c0a23554df60ab17b631a36603dc5f4c2e3d0b45c0ca5a02a4e56f253a
- SSDEEP
  
  49152:+dKww/RmwUCugWD9R/xGgikqbcaobFQlEUL4jRSapf49Y+IXgJDY4WePA/SH+Z38:JZZpbca55CvvT4ksj
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  boost_filesystem-vc142-mt-x64-1_84.dll
- Size
  
  156KB
- MD5
  
  2c278766d13eef3de18561a65a8e7333
- SHA1
  
  e322ee2a6f3684a562d96243174497a850306bdc
- SHA256
  
  869184cab395c9aab4c6e05c8344648fd757b62619a9ac207db3345841e3ee1d
- SHA512
  
  6de25639732e9d64700d601f59c4cb8e91078df56e04e7ddf2e53c4c34bda9ece3ed1568cb663977a333c17c03606fe2ed84cb30bfacf56a7835bbec4a7f707b
- SSDEEP
  
  3072:H5M8wVJSUbnuYmDDpikCOLBnsXn7DVUI4Ku8BoGBO:G5VJS+uYmDDpiQLBnY7pUI4JwoeO
Score

1^/10
behavioral3 behavioral4
- Target
  
  boost_json-vc142-mt-x64-1_84.dll
- Size
  
  305KB
- MD5
  
  ca6ee0f5b275b58a62cb7f3316e46dae
- SHA1
  
  9bd57bd3a9396db5eadc3cbd5b5feecc7dae87ac
- SHA256
  
  2eab87ef1fc0efb0af7632754a4b7304839bdf122aabafa404cc2be264833980
- SHA512
  
  c4ef4f9dbe90575d84a34b0c2a32e7855826a56add2664d57b903c5037318acbd03047c2a57be99441c92bef64e94c01b10c16c99c0583575c81da79bc3cdaec
- SSDEEP
  
  6144:97yEEpesL8KQZ1uiInDgeL7x9MTphRcqrl7/bR:FyEEQsL/hpr+phXrlXR
Score

1^/10
behavioral5 behavioral6
- Target
  
  boost_log-vc142-mt-x64-1_84.dll
- Size
  
  576KB
- MD5
  
  130347110596bb1ffc67511a405dd4dc
- SHA1
  
  19b47c35413e6d3279aa97ce69a1f9b3b6b9888c
- SHA256
  
  331182002bc0c66b1ff12983f4c3d959b66d74a8d1bf0f888e322148c99db0f3
- SHA512
  
  b3741bcbefb1a4de4a18322d324d51b194000f272f3e8092963e20b8163e8186c37ddf6f717c0f0dddc268ab533ad7fa948c50fc6232944b20a945fbfd4b02fc
- SSDEEP
  
  12288:sBBn/yMQrjLmn6gH0UmYj4o6U9q99xVJiSiFF:sBBn/yMQTmn6gH0UmYj4tuvF
Score

1^/10
behavioral7 behavioral8
- Target
  
  boost_log_setup-vc142-mt-x64-1_84.dll
- Size
  
  712KB
- MD5
  
  968001805eed7f9daa783b72b5db8ded
- SHA1
  
  f66d2125a6d096cb54737a267f85cdb43d7c2704
- SHA256
  
  5fcecc66b4b20c18740a0a2be9050f578d065851f69406f3e95e0ff19874d3a1
- SHA512
  
  f9cf0820e118f415e3cec21faf4db3bb900bfe89f20936c6bb257e37ed221f68bd951c6fa91946b981bb61d68ae92669c8025351649a0f005af125e718e419a8
- SSDEEP
  
  12288:YSy1/68/dKqXRdnZ7kON0BUPqMWea60LzIc+JcyMc56w3oYRAfwUR4qz+f3Ce:YSy1/68/dKoRdnZ7kON0BUPqMWea60Lg
Score

1^/10
behavioral10 behavioral9
- Target
  
  boost_thread-vc142-mt-x64-1_84.dll
- Size
  
  106KB
- MD5
  
  ea87719e1cc34ee053b121f0b5d908ac
- SHA1
  
  55c837476cbd2a212577358a328cb19c800881e1
- SHA256
  
  c41850abed7305faab56fb8d34551f355f3de5c4409cea1770cd4ab4414d0645
- SHA512
  
  eff7cbed1390637702ecda75c0ad80e0cc94f255464e10734963465ebe826442b2e3663aa3521dfcdbaa28c166da1132014822e4a2857542b53a531503d45823
- SSDEEP
  
  3072:ssXf59LAF17l7ISQZC6mfZ/sdypy5TkXep:sszEv79ISSGOypy9p
Score

1^/10
behavioral11 behavioral12
- Target
  
  concrt140_app.dll
- Size
  
  61KB
- MD5
  
  01f641e257400fc3e0540ba6a46a095e
- SHA1
  
  c161c46ca628b9bbdc2b77760d9797f44f234fa9
- SHA256
  
  830e4c7634fd5ac5d3a9106894a30ad8eacce279a1ee27db70c16d7272cb79a2
- SHA512
  
  84aad069b61e76ae7f31cc76316dca9de401bcd8179933807129720ba0ad2b6c7a8e8a8e585ec749856e93f34ee85ca706b61533fefef0fb0ea73a087d3817b3
- SSDEEP
  
  1536:l2dU3Sz3CkkDPZB7y77Qs82cnuHnCcDkwD9/f/zEp4zSZeC4dezFG:lEU3Sz3CchXpIM
Score

1^/10
behavioral13 behavioral14
- Target
  
  libcurl.dll
- Size
  
  576KB
- MD5
  
  2df86dd743040453e6ea30cc1a6c7417
- SHA1
  
  35c18d3e81ae9d540be63c32b4f1cbf468cd29e8
- SHA256
  
  313ba9967b8ab84c8186d4527b1e9f9c6d83556c59b34936fa4b9ad1551fde69
- SHA512
  
  ebcda6f5b80425063d4028abf0bcc11ad2cbef6dd340ab140edbbf162cd4304b06af8a34fb1f2fd3333c4b1517d75171ee4ab1105677f2514a5b1e21785f9828
- SSDEEP
  
  6144:ge9IKekZTpKnpY8wl9UzqTNyA7iWlnDlsvM2mXX6+QJmFYeQ8DmIaKTnBw2eV7wP:39IKJXxRyAeTY6+QJmFYebDTn5wlC
Score

1^/10
behavioral15 behavioral16
- Target
  
  msvcp140.dll
- Size
  
  563KB
- MD5
  
  4065afa57eff9507ac798a241955c225
- SHA1
  
  f77b7a1efcdf47bc7beb3ba7223ab4644ca6af29
- SHA256
  
  65d7208cf74904cb01213e9e59e3d6186746614b33bdb7dfc5cd95db4c01b69d
- SHA512
  
  f35c8671e9de47e84ee7666d1ec399ad26e8b017f71433ff92e786f8abd6db36424f96b08eb32f43fe1ed8e98df01acb5f03227427d04d4c6fa2f501d9056883
- SSDEEP
  
  12288:c7dqZ1EqSGQEwkcz6sm7UtgZ/29z7mnuMG7NaekWdgJMKZ+h7rUh0wvaQEKZm+jP:cZNg+h7r6iQEKZm+jWodEERAH8
Score

1^/10
behavioral17 behavioral18
- Target
  
  msvcp140_1_app.dll
- Size
  
  22KB
- MD5
  
  aadee416a0807e1ce541c83129d5adf1
- SHA1
  
  218606edb1b78d8d6136598d40ab4875786d65cc
- SHA256
  
  e5bf033bea82b89309c769d0871b9edb355173691c023cb99846b26f191d076d
- SHA512
  
  80ec2fb774c4ff276909c8359b1a2706e7aebef3db4b223efff5a0e35eead28aae0ce18b1b3d6997083471f49543e230c2e71ed444eca1490033cfe11125d647
- SSDEEP
  
  384:lSWIGCs09R9zb4J/NEHRN74NBmo8R9zSJd:lw9zAA4PmoQ9zSj
Score

1^/10
behavioral19 behavioral20
- Target
  
  msvcp140_2_app.dll
- Size
  
  25KB
- MD5
  
  fc645ddd3bafbae825fc40e6b1a2eec2
- SHA1
  
  502d3579eeb1b367f6ba2755b0d7942062810698
- SHA256
  
  d7d5fb68cf16dc8c32375a8dafeb21d26d9328f2d780d8942c3e103debd0656d
- SHA512
  
  fd398608ed1f3a136517d0f85daaddd244130932c082263379977ca9017c94687089e4e340e4391d819a82f5453a41d20780afe30651426747e6c6e5204d99a8
- SSDEEP
  
  384:vbt8WxzCsVzpYpR9zLnaW+HdmJ/NEHRN7PreYlORR9zHpr:1pYD9z+5HdCAzVK9zH
Score

1^/10
behavioral21 behavioral22
- Target
  
  msvcp140_app.dll
- Size
  
  258KB
- MD5
  
  d2cb94e6620e6b4966ce8c0b8449ecc8
- SHA1
  
  9709a0599ab40d882dfc591775d21b34330294b7
- SHA256
  
  11819dd5814ae27122cf838a89659c0593d976206db88d5de46ead806f40df68
- SHA512
  
  96aa28797209774effc9bccd8b0591bb132acb8a5b5ae6e0dc24715d36cdc94db193d41359d62d7edd7fcbccf42f63baad171f9d023d7dbe6d42bddca4e4af94
- SSDEEP
  
  3072:e8Mx3k2pFYZAECK7Z2me+w5c6PD41YlAHC2aWoo7dMEMEik8bB4lKY:evx6AECK7Z2me+wEaWoo7dMEMEik8dE
Score

1^/10
behavioral23 behavioral24
- Target
  
  msvcp140_atomic_wait_app.dll
- Size
  
  25KB
- MD5
  
  6078f9916ff516ec7fdc7f3ea0b70b40
- SHA1
  
  9d2b966d8cf353cd18cdd20cad14fabeaa6289d5
- SHA256
  
  3e27b06f1c794e2491a751153eefdf68017def93701870ac28e675b6d69c2031
- SHA512
  
  0594c51fb943907d3b1968bd9aa89699845de3e2763f5334b9bd912132a03cf6bac0e51204a052edb4f7ae5b0fa049f963d0efeb1e446e1538a2e736f6f29409
- SSDEEP
  
  384:peYgHXGWpCsQJA2R9z6FJpLRXi/NEHRN7/nHR9zNZej:pejK9zO8AJ9zHej
Score

1^/10
behavioral25 behavioral26
- Target
  
  msvcp140_codecvt_ids.dll
- Size
  
  30KB
- MD5
  
  219d5c69385776850486f355aaa09de9
- SHA1
  
  712d9763628392f5c3a0f514eaa50be9121b3e2b
- SHA256
  
  31c91665f0507f4ba7d8b745252b6118faf58f34ad8e8904c8f35642a5d3d677
- SHA512
  
  3f457ef8c3e4f3e08702a733bf8b6bcd81bc215961e08debe490789e9fb3f7ba81cfa96084717f71c06885640829dcb5aab5896b95a6b25cfe3ee1456d847967
- SSDEEP
  
  384:dYp02g8EWiVEWbhxX9R9zbCchE5yEFHRN7cUPQNbZR9z9xh8X9:dY02g5fxP9zGcugElcUYFT9zDc9
Score

1^/10
behavioral27 behavioral28
- Target
  
  sqlite3.dll
- Size
  
  10.2MB
- MD5
  
  8460673efeebd2e135144f4db2e954eb
- SHA1
  
  a9a6dc1ea39b518738b8c0af25c7e4e6a484b802
- SHA256
  
  3b202ba22cf14da7bc04b87525b11829407fa318f1b8ec73b463fd6dd3434bb3
- SHA512
  
  bc96225068c2a6201983e40867803d7df18b3da8a46edc7e519e7e8f398277d80056df8820ff5b4925c9e500d791e0029f6d04ebc3ab4476c53c520085dfc733
- SSDEEP
  
  98304:A4hY4qVmdgIZ6UO77Ofj9sIv3iINoEDn9qyyyyl7/dXcIWC0XRNdkmWRxiPVrCbq:BYT8gn7KrKIvbRn9EdXcIWx3d0xsVr
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral29 behavioral30
- Target
  
  vcomp140_app.dll
- Size
  
  29KB
- MD5
  
  a8e7f5e31bf2615679afc3b69b6f58ea
- SHA1
  
  b9bc23cc204184978c43dd7cfcb13bca746bfb72
- SHA256
  
  ac68b8093c3e3772f0c7ff58fde61dc7c277cc3370b66969a0b2896e1955cbda
- SHA512
  
  5b1919f2113772269340fe384e0e36354cc80d0b2b6cdbbd3dbcdb565ecd1f91a10707d6245c5bf610ade14d25f08dfc44d07fb68a371b0c4095c93e0f0ee420
- SSDEEP
  
  384:5LDLn1NTkH01d/klkVp9pVQz6j7ZhApYpGWSGxSzxIPaR9zr3Q5yEFHRN70vEpch:VDLnrkuam7PQNyczxOW9zEgElcEpw9z
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks system information in the registry

Suspicious use of SetThreadContext

Lumma Stealer, LummaC

Lumma family

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32