lumma | f49dd4cad24b109d38ef6548c48188ec4db6c16a3086fe200124433e6b3262d5

General

Target

2025-02-27_d4e3642f6aa005d56c42e3eff6cfaa2a_frostygoop_poet-rat_ramnit_sliver_snatch_zxxz
Size

16.2MB
Sample

250227-h5pmfszwcs
MD5

d4e3642f6aa005d56c42e3eff6cfaa2a
SHA1

3603be6d330152d747be6eeff5c626b3df669a26
SHA256

f49dd4cad24b109d38ef6548c48188ec4db6c16a3086fe200124433e6b3262d5
SHA512

677816dc3baa5685c60315ed1f000b61ffadfa5c8e973b79acf314c7d72b5f9fbf8ed1c6a40e02f0168b59528bdf2c88f2b265981d5e44860e5189b5c771da7b
SSDEEP

196608:qeXaEgT/xxqZbtQBu1rw1aUsvrsSmeaoK:T+0JQEBw1aUsvrsSTaoK

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://reinforcenh.shop/api

https://stogeneratmns.shop/api

https://fragnantbui.shop/api

https://drawzhotdog.shop/api

https://vozmeatillu.shop/api

https://offensivedzvju.shop/api

https://ghostreedmnu.shop/api

https://gutterydhowi.shop/api

https://trustterwowqm.shop/api

Targets

- Target
  
  2025-02-27_d4e3642f6aa005d56c42e3eff6cfaa2a_frostygoop_poet-rat_ramnit_sliver_snatch_zxxz
- Size
  
  16.2MB
- MD5
  
  d4e3642f6aa005d56c42e3eff6cfaa2a
- SHA1
  
  3603be6d330152d747be6eeff5c626b3df669a26
- SHA256
  
  f49dd4cad24b109d38ef6548c48188ec4db6c16a3086fe200124433e6b3262d5
- SHA512
  
  677816dc3baa5685c60315ed1f000b61ffadfa5c8e973b79acf314c7d72b5f9fbf8ed1c6a40e02f0168b59528bdf2c88f2b265981d5e44860e5189b5c771da7b
- SSDEEP
  
  196608:qeXaEgT/xxqZbtQBu1rw1aUsvrsSmeaoK:T+0JQEBw1aUsvrsSTaoK
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm lumma
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2