lumma | 2f66b87534d0e252da98f11e8a2b43879298f3d9eac0b8c84f382e5c24e2f7a4

Sharing

Copy URL

Twitter E-mail

General

Target

8ce88b52dbac86cbdf1655356261e773.bin
Size

2.9MB
Sample

240624-dmt21awblb
MD5

645a97af07225811c4599850361c1a01
SHA1

a616a9a4613002c6a34e6939246976375cd374a0
SHA256

2f66b87534d0e252da98f11e8a2b43879298f3d9eac0b8c84f382e5c24e2f7a4
SHA512

ef56512d63bad798f450546cc59ef4d2f3f9be34ffee1523bb79e3355e2e7fea8ed30816962c440d198bff9ccac5cb5716755ce865377d78d75b256a363cbaf5
SSDEEP

49152:l0XTq7dKPaOpaxoDgSDl45e0v68ghesYesi8fiE/p0NauMa92bH:eDq7dKPaO0ubiJvN9ffZ/q4uMaAbH

Score

10^/10

Malware Config

Extracted

Family

lumma

https://quotakickerrywos.shop/api

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

https://facilitycoursedw.shop/api

Targets

- Target
  
  IMHttpComm.dll
- Size
  
  32KB
- MD5
  
  a70d91a9fd7b65baa0355ee559098bd8
- SHA1
  
  546127579c06ae0ae4f63f216da422065a859e2f
- SHA256
  
  96d6264b26decf6595ca6f0584a1b60589ec5dacdf03ddf5fbb6104a6afc9e7a
- SHA512
  
  f13b735a47090c7c6cc6c2bf9148408ee6db179c96ee6428270541f27e50ad12cff7486f3a6ffac2ba83fd2e6e8e49661e6258f5aee97eb0f48771cbbd22aefa
- SSDEEP
  
  384:UYacYCuDAIKaDEsdpRPcWzXKNfdZ1uTslWfXLhxyM8OjrsVIObsU25hoe1nYPLMt:Scr9/i1AscZ1wf7h4bOjKRsIe1
Score

3^/10
behavioral1 behavioral2
- Target
  
  ImLookExU.dll
- Size
  
  262KB
- MD5
  
  c3d6a629966b2de0ac954c0c75847f59
- SHA1
  
  8109256492cb3a2a38a6587b7e1145c58e078769
- SHA256
  
  0e469f31a8399483862231a0fe5b78bf90a7df4ac5c0470ae79adc33e4a42d10
- SHA512
  
  c80f718baa86aa05a566b8b5f8087a9f32703ef8f00ded809e0a2d74e94604b4b524989d953e26b9752e02fe2601ebe6527ef03384f6368ff6e5dca289a857e0
- SSDEEP
  
  6144:9X6yu38mY4o8xnZSYDI7jlFl4oYVFl4OgqAIwMr5s:9X6yhmY4pZSYkvl4/NwU5s
Score

1^/10
behavioral3 behavioral4
- Target
  
  ImLookU.dll
- Size
  
  606KB
- MD5
  
  3ea6d805a18715f7368363dea3cd3f4c
- SHA1
  
  30ffafc1dd447172fa91404f07038d759c412464
- SHA256
  
  a6766c524497144d585efa4fe384b516b563203427003508f7c8f6bffa7c928d
- SHA512
  
  a102f23741de4ca2184485d9aa4ddd1a36b9ea52cb0859cfd264d69a9996293b7e29b325625f1f6f9330d6c80ff415e09e85e1ae838c58acef585ae8dffe3070
- SSDEEP
  
  6144:5hvkhcT5e0HWJ5/10UfCrXCL12gQhYwtHWDEyF0nb6rFBvJ+sbJeDH+8uGh7xgLX:5hvkhcTd2JxXCrS85h0Dh0nMKbz45
Score

3^/10
behavioral5 behavioral6
- Target
  
  ImNtUtilU.dll
- Size
  
  94KB
- MD5
  
  bb326fe795e2c1c19cd79f320e169fd3
- SHA1
  
  1c1f2b8d98f01870455712e6eba26d77753adcac
- SHA256
  
  a8e1b0e676dce9556037d29fd96521ec814858404ba4cfdd0db0edbe22c87bc7
- SHA512
  
  a1ec894151baa14e4ac1ee9471e8606bf74edd39f7833d9a1a44eee74d403f6b52780c135e9718ff9564fa27d7128c22b8410b21f77e6d804f698cfb4eda65a1
- SSDEEP
  
  1536:q01U2obLeNvXXZ6Wb/2LamjMkUYCTSZaKAxvSJKRDOAG921:NobLeNvXp6Ou+mjMkUYC2ZVAxxFOAG9s
Score

3^/10
behavioral7 behavioral8
- Target
  
  ImPackr.exe
- Size
  
  102KB
- MD5
  
  2f779ac4318fd4990c828f60d16f2b17
- SHA1
  
  a188080158f8cdfe5050d6e828fb69e17ac0be19
- SHA256
  
  689951b03517f77b6c04bb57f604f50736dc1a86b87253b0dee73722d4520a11
- SHA512
  
  7f6dc79ab6db4615bb0c7b31d36cc8750373f9b7c199bfaa8e1eff9dbd6f0b790fe7e4c9dc86b62abb811d93e946e68ddc171701bddba423079447124ca6464c
- SSDEEP
  
  1536:BdPnjwBj/h13T5KRy8DiliMz+WPSC0mJcSs93k0TmOTWAnBchQlQICRXRXYu:BdPjwRrdoirza7C0iOPchc6Np
Score

10^/10

lumma persistence privilege_escalation stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  ImUtilsU.dll
- Size
  
  1.4MB
- MD5
  
  a7eaba8bc12b2b7ec2a41a4d9e45008a
- SHA1
  
  6a96a18bb4f1cd6196517713ed634f37f6b0362b
- SHA256
  
  914b1e53451b8be2c362d62514f28bdef46a133535d959b13f3f4bf3bc63df3a
- SHA512
  
  0ae7fbdb2677d92c62337aa17b60a4887240a4a426ba638c7633587f4582adbcda2bde5ec824aab1a3f69acf2b391118763842acfab856d3d9764850961a2ac8
- SSDEEP
  
  24576:2EQirQajY+S5eqyL9dj7GP4a6xKlnNYndIA1HVtFyC0Glqb6WUOQZljMFbDG0:fQj+S5epJl7+eenN5+HVDD0bUOQPUbDP
Score

3^/10
behavioral11 behavioral12
- Target
  
  ImWrappU.dll
- Size
  
  158KB
- MD5
  
  cbf4827a5920a5f02c50f78ed46d0319
- SHA1
  
  b035770e9d9283c61f8f8bbc041e3add0197de7b
- SHA256
  
  7187903a9e4078f4d31f4b709a59d24eb6b417ea289f4f28eabce1ea2e713dce
- SHA512
  
  d1a285fb630f55df700a74e5222546656de7d2da7e1419e2936078340767d0bab343b603ba0d07140c790eb5d79a8a34b7818b90316ea06cb9f53cad86b6d3f5
- SSDEEP
  
  1536:+Vcm093l7KjJdwXjCsZ+WymDAZZxgbgROgldJ+VEcn75A:+Vcm03ggjCsZDym6Og5+Vpm
Score

1^/10
behavioral13 behavioral14
- Target
  
  SftTree_IX86_U_60.dll
- Size
  
  570KB
- MD5
  
  57bf106e5ec51b703b83b69a402dc39f
- SHA1
  
  bd4cfab7c50318607326504cc877c0bc84ef56ef
- SHA256
  
  24f2399fc83198ab8d63ee6a1ad6ffbd1eda4d38048d3e809fecd2a3e0709671
- SHA512
  
  8bf60649ece6bbb66c7b94ed0d9214fbeab030d5813e1e7b5d6d2349ee1de9075b7dfbbbbeae5af0dc21b071a00eafce0771ca1804e6752e9a71e71e6b1447df
- SSDEEP
  
  6144:+F1oCaK7hWLMxQqTxNEaPe/cq0sJBJYzlRtcChgWPQnjLkV3Ij9DvAmintVM:koxK7hhNN1m/cq0sJ/YzNcCj0oVy8Y
Score

1^/10
behavioral15 behavioral16
- Target
  
  mfc80u.dll
- Size
  
  1.0MB
- MD5
  
  ccc2e312486ae6b80970211da472268b
- SHA1
  
  025b52ff11627760f7006510e9a521b554230fee
- SHA256
  
  18be5d3c656236b7e3cd6d619d62496fe3e7f66bf2859e460f8ac3d1a6bdaa9a
- SHA512
  
  d6892abb1a85b9cf0fc6abe1c3aca6c46fc47541dffc2b75f311e8d2c9c1d367f265599456bd77be0e2b6d20c6c22ff5f0c46e7d9ba22c847ad1cbedc8ca3eff
- SSDEEP
  
  12288:o5lk6KUYmYRP6vAt9+J51r64f22JhPeEiz8F+p/xoOTa+S9XqNNw2ohW3:UyUaP64t9+JfrRJiz8F+p/N2/cmW
Score

1^/10
behavioral17 behavioral18
- Target
  
  msvcp80.dll
- Size
  
  536KB
- MD5
  
  4c8a880eabc0b4d462cc4b2472116ea1
- SHA1
  
  d0a27f553c0fe0e507c7df079485b601d5b592e6
- SHA256
  
  2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08
- SHA512
  
  6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c
- SSDEEP
  
  12288:Q1HyurvZ0JPjuTtSu86th1n/hUgiW6QR7t5j3Ooc8NHkC2eo:Q1HyurvZ0liTwuhtjnj3Ooc8NHkC2eo
Score

1^/10
behavioral19 behavioral20
- Target
  
  msvcr80.dll
- Size
  
  612KB
- MD5
  
  e4fece18310e23b1d8fee993e35e7a6f
- SHA1
  
  9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
- SHA256
  
  02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
- SHA512
  
  2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc
- SSDEEP
  
  12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu
Score

1^/10
behavioral21 behavioral22
- Target
  
  wlessfp1.dll
- Size
  
  70KB
- MD5
  
  5120c44f241a12a3d5a3e87856477c13
- SHA1
  
  cd8a6ef728c48e17d570c8dc582ec49e17104f6d
- SHA256
  
  fbd4b6011d3d1c2af22827ca548ba19669eef31173d496e75f064ef7a884431c
- SHA512
  
  67c0e718368e950d42f007d6a21c6f903b084d6514f777b86aab3111ffe3be995949674276081c0281139a0b39119b84630a0ac341d4ae78677ac8346f371ae1
- SSDEEP
  
  1536:nEqYKdOEuqRKXd9ZWbIOinToIfYeyOgtPko:EqnB89ZouTBf5yOgtPko
Score

3^/10
behavioral23 behavioral24

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24