lumma | 22648bdc393ffb7830ae3e47d4aa7a52d5d98e519b03d6cc32df8f8e7132b035

General

Target

2025-03-03_b7440dc351ffe15cca82aab34d07e734_frostygoop_poet-rat_ramnit_sliver_snatch_zxxz
Size

16.2MB
Sample

250303-bqxk7ask19
MD5

b7440dc351ffe15cca82aab34d07e734
SHA1

d21c8f5ff2f1525e8df402820829255a9e53601c
SHA256

22648bdc393ffb7830ae3e47d4aa7a52d5d98e519b03d6cc32df8f8e7132b035
SHA512

71b297ad9fee3353349b3a78215fc91e2efadadfb32f3ac83fcc52c191a2ec38510d229102c50c93a53bdf9b999ea656b5e2815ea355a692eaca61e1080f8321
SSDEEP

196608:qeXaEgT/xxqZbtQBu1rw1aUsvrsSmeaon:T+0JQEBw1aUsvrsSTaon

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://reinforcenh.shop/api

https://stogeneratmns.shop/api

https://fragnantbui.shop/api

https://drawzhotdog.shop/api

https://vozmeatillu.shop/api

https://offensivedzvju.shop/api

https://ghostreedmnu.shop/api

https://gutterydhowi.shop/api

https://trustterwowqm.shop/api

Targets

- Target
  
  2025-03-03_b7440dc351ffe15cca82aab34d07e734_frostygoop_poet-rat_ramnit_sliver_snatch_zxxz
- Size
  
  16.2MB
- MD5
  
  b7440dc351ffe15cca82aab34d07e734
- SHA1
  
  d21c8f5ff2f1525e8df402820829255a9e53601c
- SHA256
  
  22648bdc393ffb7830ae3e47d4aa7a52d5d98e519b03d6cc32df8f8e7132b035
- SHA512
  
  71b297ad9fee3353349b3a78215fc91e2efadadfb32f3ac83fcc52c191a2ec38510d229102c50c93a53bdf9b999ea656b5e2815ea355a692eaca61e1080f8321
- SSDEEP
  
  196608:qeXaEgT/xxqZbtQBu1rw1aUsvrsSmeaon:T+0JQEBw1aUsvrsSTaon
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm lumma
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2