lumma | afbfed421c1da695c193849d153e11975eb3f2f6fa9d936bf987d4f046d86f7e

Sharing

Copy URL

Twitter E-mail

General

Target

afbfed421c1da695c193849d153e11975eb3f2f6fa9d936bf987d4f046d86f7e.exe
Size

1.1MB
Sample

240703-cxaknssfrd
MD5

470aed70b81cb24f9316bac75ce9c409
SHA1

6797699947374efbe4e4746f7500a1e2d92ce36a
SHA256

afbfed421c1da695c193849d153e11975eb3f2f6fa9d936bf987d4f046d86f7e
SHA512

b26ad5e4fac0bbca810554f0a5453bffa8ad4d654bd057fefc8e83e3dbfd42e1e63ddef308c445a783d8684038e9a2f1f546ff1a7948b93c63b886632e242cb6
SSDEEP

24576:lVcPvhB8dHjhl1nd1NWiOBCmn0jRq9odg3cC:85yD1NWiOBpn0YUgsC

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Targets

- Target
  
  afbfed421c1da695c193849d153e11975eb3f2f6fa9d936bf987d4f046d86f7e.exe
- Size
  
  1.1MB
- MD5
  
  470aed70b81cb24f9316bac75ce9c409
- SHA1
  
  6797699947374efbe4e4746f7500a1e2d92ce36a
- SHA256
  
  afbfed421c1da695c193849d153e11975eb3f2f6fa9d936bf987d4f046d86f7e
- SHA512
  
  b26ad5e4fac0bbca810554f0a5453bffa8ad4d654bd057fefc8e83e3dbfd42e1e63ddef308c445a783d8684038e9a2f1f546ff1a7948b93c63b886632e242cb6
- SSDEEP
  
  24576:lVcPvhB8dHjhl1nd1NWiOBCmn0jRq9odg3cC:85yD1NWiOBpn0YUgsC
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2