Overview

overview

10

Static

static

3

Bootstrapp...2s.exe

windows10-2004-x64

10

Bootstrapp...2s.exe

windows11-21h2-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    Bootstrapper_1725665491503_7rgx2s.exe

  • Size

    10.7MB

  • Sample

    240906-3j9eystdpf

  • MD5

    6ae74315bdb5b5f757005d23967bcf73

  • SHA1

    834c5b96f91e9349ae91ed4cd5cc8897f58a3fdb

  • SHA256

    66397977e36190a9f7ca77e93bfceb8e731838e5ce824bcd22222339b007891d

  • SHA512

    bf54808fd4ad33d0929868c90fc7b8cf0e9a9ab5c8507d9de676966143b8a9556dadd7ffd7365f3bbc7065ef98b0f75c78267558824df8bea4a358ef52973b77

  • SSDEEP

    196608:bQBhQLJcA1nvCB254dzRiZp+0JhLNL6XpDFvZEw5HTjoA+W+72E/inXeBRfmfR+d:bQrQtHvCYIzE+07LNKZB55zjiW+ge7ee

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://chocolatedwq.shop/api

https://condedqpwqm.shop/api

Targets

    • Target

      Bootstrapper_1725665491503_7rgx2s.exe

    • Size

      10.7MB

    • MD5

      6ae74315bdb5b5f757005d23967bcf73

    • SHA1

      834c5b96f91e9349ae91ed4cd5cc8897f58a3fdb

    • SHA256

      66397977e36190a9f7ca77e93bfceb8e731838e5ce824bcd22222339b007891d

    • SHA512

      bf54808fd4ad33d0929868c90fc7b8cf0e9a9ab5c8507d9de676966143b8a9556dadd7ffd7365f3bbc7065ef98b0f75c78267558824df8bea4a358ef52973b77

    • SSDEEP

      196608:bQBhQLJcA1nvCB254dzRiZp+0JhLNL6XpDFvZEw5HTjoA+W+72E/inXeBRfmfR+d:bQrQtHvCYIzE+07LNKZB55zjiW+ge7ee

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks