lumma | e308630fce1981ea146389004c428b4c2b2ea344cf707ddb32967846dfa56fa4

Sharing

Copy URL

Twitter E-mail

General

Target

voicemod pro 1.2.2.7 crack.exe.7z
Size

9.0MB
Sample

250306-lbz3wavqs6
MD5

9c0dae31629226d0e1563d88b03d80aa
SHA1

d3d802b9489132439d124a455f6b4533549b841a
SHA256

e308630fce1981ea146389004c428b4c2b2ea344cf707ddb32967846dfa56fa4
SHA512

4dad21814287cc05b7073e6f8a3bb961beccb4d9c1a8808c3a687711fe119f143c48ea0b29a6d56617ed9d5d18bd329288017c220aeb9d0e2925bb60c5486b31
SSDEEP

196608:DI+/zfWO2XydJF9PdReulC/CYpUTzJI/0KEn75:smzfOuJF9PdwuldY6tcS1

Score

10^/10

Malware Config

Extracted

Family

lumma

https://foodsktyproject.shop/api

Targets

- Target
  
  voicemod pro 1.2.2.7 crack.exe.7z
- Size
  
  9.0MB
- MD5
  
  9c0dae31629226d0e1563d88b03d80aa
- SHA1
  
  d3d802b9489132439d124a455f6b4533549b841a
- SHA256
  
  e308630fce1981ea146389004c428b4c2b2ea344cf707ddb32967846dfa56fa4
- SHA512
  
  4dad21814287cc05b7073e6f8a3bb961beccb4d9c1a8808c3a687711fe119f143c48ea0b29a6d56617ed9d5d18bd329288017c220aeb9d0e2925bb60c5486b31
- SSDEEP
  
  196608:DI+/zfWO2XydJF9PdReulC/CYpUTzJI/0KEn75:smzfOuJF9PdwuldY6tcS1
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  voicemod pro 1.2.2.7 crack.exe
- Size
  
  926.5MB
- MD5
  
  593f3787d5bd833103d456b10d35ae30
- SHA1
  
  858dead6e850ad056f5f20a2ba58b18baf752d07
- SHA256
  
  03208a9496a9c1accdf26285e0dca26100801b6571f6e0ea2863cc366fb54717
- SHA512
  
  b5ae96379ad20a989d1bf16d4a36c6c8604b01e942b89152fc22ad44cc5c3f22b2a5701e91918654a4abf029328016018d2e7d7b7d1868bc1b2e4def8bae0fc1
- SSDEEP
  
  196608:3eOBFM6TPvs/FVualRJrTytryNNbCmCYstCHAwwk4VFW1FOmOldPdr0xYw7O6au:3eOY00/GiYUA7wwk68nADW6sf
Score

10^/10

lumma discovery spyware stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral3 behavioral4
- Target
  
  $TEMP/Casino.xll
- Size
  
  30KB
- MD5
  
  9571131323be90fe8bc297ec2dd6b973
- SHA1
  
  29e0e6ff1ad434bbfe8056be522e1c55b54eb748
- SHA256
  
  772204e17532f29016bbcf844c1320dc77a48fe66edd9a9cce112cff92111b64
- SHA512
  
  cd497283d7c91909401214cb9a2f49232deefa5bdf79cd9edfad6eb4aeb082acb87e0c0a8bb5742686a1811363f0e71d4832c84630e9cb9f42ae2b2172b72efd
- SSDEEP
  
  768:gZ8YjM39DjSqQD8o1RAqAWXOznYSLqpEfDFQ46ESQyr9LUevlO6s3CBb4c0Vayax:TbksoEW4Q8HAy492m9g7Nl7Q
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/Centers.xll
- Size
  
  67KB
- MD5
  
  e7cb29925acf3dd4bd5741c37cefd9bd
- SHA1
  
  c54c920fbb455ad3de8b77a0f8f90dd637c1faa8
- SHA256
  
  a38fd737f9bcafd188553dee4d35a0701ee7961b27e93e6fddd8cbcdfc4c49c3
- SHA512
  
  08677bbf8f0a87847881bff198a468e46578b07b18a6dd257d207f9790c358d2c0bb96a8e044227a5b247b7b1049b4f836b96323227753efd1a3e9c76e02172d
- SSDEEP
  
  1536:ZJHWyBlqoYb1T2azNlxQzD0jAV/JBptaJlk5GhxIfYoKC:ZtWyBAvbN15lxs7loeGhxhob
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $TEMP/Fe.xll
- Size
  
  86KB
- MD5
  
  210634d53ffb4443a5ca36ba0cbe5be7
- SHA1
  
  64e3a18c6fa33c669d7e2cb029ad9bb990a37a20
- SHA256
  
  c351fdbde77eefc8113e8b1949f5794c36b53bc722356fb778e5ded601be3cd6
- SHA512
  
  368b9e04aaa4f1e405dc943095984c98572e4c264f9af10cc6c59807c5872be8bced8fadd6e30ee5d44ee86ba58668a916a63b32e4a9a81d98c454defdcd72e0
- SSDEEP
  
  1536:8p3O6su41jfyM/GFs/6OJpMorRwi0b+Q4WrLkHh23fa7E6ck/:8pD3+l60WOwi0qQXrLkH034EDG
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $TEMP/Nerve.xll
- Size
  
  477KB
- MD5
  
  f6f5c335fb7e174757b306b1dc1ade16
- SHA1
  
  2def4e0d0f7dc714063eaa0985ac74401e593ae3
- SHA256
  
  0fdab57f7bd9f614bfd9e693574ac06f285b0240486d52ae3c80353382ef7a84
- SHA512
  
  69b86b724654af9e8ca49d8d0d0aa7fb077fd52b3994da29af2031fe3f6e1b076dc4f1a546cbcaabc855f8472703d5f5ba4daa2001164ee7c1608d4116e8a686
- SSDEEP
  
  12288:mZwhNJ5QQjdNvWABZFpyO4xe0qOV+xqRaAorjZsbF:mZUNNNvWABHpGFqOLMr8
Score

1^/10
behavioral11 behavioral12
- Target
  
  Bright
- Size
  
  753B
- MD5
  
  6f60adf9e58af8dbca1cfdbf5301273a
- SHA1
  
  19a5863a6541c6dbb061acefcadb829006dac879
- SHA256
  
  19106f4c3e35327ad2a3e65682c9429e52665a9b0de2e97b9e755a76edc51431
- SHA512
  
  a0e480e7798bcb2dca8b53506d91c15a52fb495345ddb9641c6cdbea249c8b86ab417032dedcda12cab709fe7bd37bac970512e6ddc75bffb1a353467f6ef8f2
Score

1^/10
behavioral13 behavioral14
- Target
  
  Consultancy
- Size
  
  134KB
- MD5
  
  f3d8d8cb7a65c065e6607a143458d578
- SHA1
  
  b247f55f6ea2e56d138d202f3405362a7517ef69
- SHA256
  
  53ea6fa8d4cc588c47441c917380123b7194a3e6ce2e6a434331c5c438750ae6
- SHA512
  
  bb749076f0c172a9bf3152b8270cd503ed80761ea881bab3b704fc3a008d8abefd7583c7db2316b9d3a318b94e4e35d118e922e4504e2c312063a2e40d0f67ff
- SSDEEP
  
  3072:wde6u640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAtsPB:wd314V14ZgP0JaAOz04phdyZ
Score

1^/10
behavioral15 behavioral16
- Target
  
  Despite
- Size
  
  35KB
- MD5
  
  8a0143d77ea7d1938062373e6cad3817
- SHA1
  
  1bf693e8e39565a5b1f9178f342f1263b2742441
- SHA256
  
  6ffe1a7e36bee6976b9915be3b62445db198f027f049249f631baa5e2d581193
- SHA512
  
  29af76e8ec7e58b5660f085c69cccf45a5416137d7625407e6a02894a3010f1faebdc52c20ba56e9e1dd6795d39f6978b4c6ba7d924f74275e3187457f52efb6
- SSDEEP
  
  768:n9OTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:nATGODv7xvTphAiPChgZ2kOE6
Score

1^/10
behavioral17 behavioral18
- Target
  
  Henry
- Size
  
  142KB
- MD5
  
  5061a2126455f10ecd09827c7264c18d
- SHA1
  
  e0964bfa8f7cdf4f59e66f4d804eef12324f83da
- SHA256
  
  8591fe8627273f74806336e394e1441cd30cae17ed738d5482b4bd90809f9b09
- SHA512
  
  fa6f63b07e84abdb3f6ac04e6a8ec183efae88fe9786dcdcbd6466e0a055826dca75dd28fa348dae48354737ab6cd6d7062e4d89732aa2eb9bd7e4b3f373711c
- SSDEEP
  
  3072:+2UDQWf05mjccBiqXvpgF4qv+32eOyKODOSpQSAU4C+:zUDtf0accB3gBmmLsiS+SAhC+
Score

1^/10
behavioral19 behavioral20
- Target
  
  Marc
- Size
  
  68KB
- MD5
  
  2dd80e06f9548088778a9a982039239f
- SHA1
  
  05b432d791605596d6b56d8073c2f9dec1962a87
- SHA256
  
  1f87c5321c8ee915e81905062ae80e9aeb3dcbac616ef13b58e8c09d4fb68f1f
- SHA512
  
  c08797783b1753110e40598aee9dfbfc3038ee0d76ccbd7fc15b41828ee1a750c45b7f722bf340c866124e63cd9f586a6ff85737eb7e1a6257b95124ac5ccac8
- SSDEEP
  
  384:Hu88888888888888888888888888888zv888888NfU84444QnooooooooooooooO:H/SGKAGWRqA60dTcR4qYnGfAHE4
Score

1^/10
behavioral21 behavioral22
- Target
  
  Pod
- Size
  
  92KB
- MD5
  
  a922a49f4fd5407e910735200c7b3c7b
- SHA1
  
  4d3822b46ab6639674befde7294365cd53092a86
- SHA256
  
  038c480ea4d804ddd07473c9596c9d68766945d7ffc697047e66f7f7c6af11b6
- SHA512
  
  4e6407d4d7522a8ecb5d31d9673d0fce34a7e7415a6ab91980903f961f60ebb684d167ec2d93242b2572a3487bbd9deb4cf332fc29c92fe49209a1f414abd9ed
- SSDEEP
  
  768:GAUsFxyLtVSQsbZgar3R/OWel3EYr8qcDP8WBosd0bHazf0Tye4Ur2+9BGml:GAhxjgarB/5el3EYrDWyu0uZo2+9BGml
Score

1^/10
behavioral23 behavioral24
- Target
  
  Sanyo
- Size
  
  120KB
- MD5
  
  cb253551bb7c7520ecadfa0db06e5139
- SHA1
  
  6a0155f8596b6daf677e1cb4edce5cf3d62bec59
- SHA256
  
  a4d9d10dd4514b8e4575f9b8341c9a687309ef79137dd99dd40e00668046caf8
- SHA512
  
  1e1d86c2249429a76b42e440a8ab7ac84b1a31dcab6f40756fb19fe4700b9404ea6d973b33c3e16b980c4e1ceec7dcd63c66faa48fa4727f398a8d10af9f3f23
- SSDEEP
  
  3072:PCThpmESv+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/O:PCThp6vmVnjphfhnvO5bLezWWt/O
Score

1^/10
behavioral25 behavioral26
- Target
  
  Society
- Size
  
  133KB
- MD5
  
  b4d3ff457e285c8f973ebe85d45403ac
- SHA1
  
  b1c1241a8953020e169f3076f6fc2a4d83c27733
- SHA256
  
  f91a7700ceb66f309b3b47e55edeb5a025c6474d4e690ecf7a12b12433ffa123
- SHA512
  
  ade787790fcd548543c1e5ca0b618088ecf767b39f0fae3a4cf1ddcc82839aeb5141f68bd6f9043f98743efa9dcef8ca2e9b5579f5617b2f9fec372617e2c0de
- SSDEEP
  
  3072:L0Imbi80PtCZEMnVIPPBxT/sZydTmRxlHS3NxrHSBRtB:+bfSCOMVIPPL/sZ7HS3zcB
Score

1^/10
behavioral27 behavioral28
- Target
  
  Urge
- Size
  
  95KB
- MD5
  
  0ea869ca9b18406a52fa1ae6271164ea
- SHA1
  
  8a170a2f648e30cd1c1b6723ffa77ce45e5ca7c8
- SHA256
  
  bcb1d16c2aeda8aafd925b28b9fed30141361c3b1eb6a4170487d5b7b5a2ae87
- SHA512
  
  73e99ebf81690ef5246f615be2a322021837540d803d53351beea2b5f45be379323f26cd1c8c19bf62c265065c206c93a5f1e818f5a80ca9bac6b90bd5bf3cc0
- SSDEEP
  
  1536:ArKoUn9r5C03Eq30BcrTrhCX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYZ:7Pnj0nEoXnmowS2u5hVOoQ7t8T6pUkBw
Score

1^/10
behavioral29 behavioral30
- Target
  
  Word
- Size
  
  105KB
- MD5
  
  4a9e8dbff979fd5063fc1d47f805a59f
- SHA1
  
  201871cae385ca06f95dfc4f9a4c10c28f995a83
- SHA256
  
  06db52213d88a26416e3909ad9c3c6d4e7bbe619163b4d314ed88d1d0f92c049
- SHA512
  
  b27d91421d33a53ea4dedc3fcf14fddf52fb59acc0b0b432869335a1660fbf3fde973e3308e379e621b40653b25079e0557bf10134ae4192f506ea589c957fe3
- SSDEEP
  
  3072:GZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laf:GK5vPeDkjGgQaE/lM
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32