lumma | bdc7b917477bb49af7a5b06e5d9ed20e08fed25944f297a6b36a50d03d8a5777

Sharing

Copy URL

Twitter E-mail

General

Target

MilwaukeeRivers.exe
Size

948KB
Sample

241122-mb9gzsvlhm
MD5

e922a4d7d2c3c937231aa937b9a2ad25
SHA1

b78ade0fbd78bff01d5c86079c9224d7b87f0770
SHA256

bdc7b917477bb49af7a5b06e5d9ed20e08fed25944f297a6b36a50d03d8a5777
SHA512

501a15eb4c5c64f2df9f454c11951907f33a834885113e14491a6823d8e3373c09523a3eedb52952aada8071dbeec88338dbdeb02a2c4d7a8e0af48eb1dbe5f6
SSDEEP

24576:7gk8NlvGOgHdQFQ/Dfw/EQky/vgNs9OHYkc:WvGOgHeFODfwcC3WsSS

Score

10^/10

Malware Config

Extracted

Family

lumma

https://servicedny.site

https://authorisev.site

https://faulteyotk.site

https://dilemmadu.site

https://contemteny.site

https://goalyfeastz.site

https://opposezmny.site

https://seallysl.site

https://proggresinvj.cyou

Targets

- Target
  
  MilwaukeeRivers.exe
- Size
  
  948KB
- MD5
  
  e922a4d7d2c3c937231aa937b9a2ad25
- SHA1
  
  b78ade0fbd78bff01d5c86079c9224d7b87f0770
- SHA256
  
  bdc7b917477bb49af7a5b06e5d9ed20e08fed25944f297a6b36a50d03d8a5777
- SHA512
  
  501a15eb4c5c64f2df9f454c11951907f33a834885113e14491a6823d8e3373c09523a3eedb52952aada8071dbeec88338dbdeb02a2c4d7a8e0af48eb1dbe5f6
- SSDEEP
  
  24576:7gk8NlvGOgHdQFQ/Dfw/EQky/vgNs9OHYkc:WvGOgHeFODfwcC3WsSS
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  .data
- Size
  
  512B
- MD5
  
  014871d9a00f0e0c8c2a7cd25606c453
- SHA1
  
  92d7e0d8d66861f702d867dac616b7d02bca94ec
- SHA256
  
  637a3943c555de3601588a8398252a905d18c17f9d49f750b812daa630abac68
- SHA512
  
  3f1e945759614a0e0ee05d8cc7c9d3a9f0b2954f64c173dd8f755d6b422c0b2f1f7a5c3af8aa54f3c6909de65c125e048dd8d17ee55da3989c4b2c807d83874c
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  .rdata
- Size
  
  11KB
- MD5
  
  07990aaa54c3bc638bb87a87f3fb13e3
- SHA1
  
  05985b7f60a664d2595e9406ae3b208c97597bbc
- SHA256
  
  b38b34dfbb61b5fc0659b9861f09dfdaaa743cb97bf0134e7bab66a75ddc940e
- SHA512
  
  0017dd49d85c6aa9e8351c7da60f1150cb241022664151f0d2182a7a344f46286eb9f131f75a5f1adcef57a1362689a3c40a37547acc262aba92b742c13b65ad
- SSDEEP
  
  192:wiR1IorPNhxjQFOdiq343py7JRWVS7yWymPn:9RiaPblQFdq343pwrWVaymPn
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  .reloc
- Size
  
  4KB
- MD5
  
  28eb16c084f743398eac7a551641079b
- SHA1
  
  38874b4ed095894438e4bd70166c73a95200cb79
- SHA256
  
  11291a89c647ba84f2cca631a3ba8d8b8cc2821580bb9f4c78be1f8965541db3
- SHA512
  
  1e352b3489251a48811e442e0a89ec5f5004a0f1040d281eab1f38b9a79dd368f2e0feea2b34ad6dbcd8d8369aa9f89e6b187907175da2e7ae09a4d1eb256d63
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  .rsrc/DIALOG/105
- Size
  
  256B
- MD5
  
  3409f314895161597f3c395cc5f65525
- SHA1
  
  1a99d016d65e567f24449d9362afb6ac44006d0b
- SHA256
  
  fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96
- SHA512
  
  f3e7394fa49325a7ea46728b77a5e819e18d63049d54c6adf36d08619709484f8bbd20206416d3c1440bd70632d99d9a45f3488482353f90aa21aa6ee3915427
Score

1^/10
behavioral10 behavioral9
- Target
  
  .rsrc/DIALOG/106
- Size
  
  284B
- MD5
  
  2d12c45dc2c029044aaff357141cb900
- SHA1
  
  083db861ab3c7db23c6257878296e73a89a74b8b
- SHA256
  
  69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729
- SHA512
  
  a50dcf605a914f0a6f94b3f815be159c2b729d005a25d6cc9120c4d34445cae2d0b20df3dbdc7672f316010c6a47079265548a1ed5a523896963b1a3ddf98a17
Score

1^/10
behavioral11 behavioral12
- Target
  
  .rsrc/DIALOG/111
- Size
  
  96B
- MD5
  
  6be4e1387d369cf86e68eacbdd0e81dd
- SHA1
  
  351970fe2681b9b35b5d59ad052011ed96a96e17
- SHA256
  
  85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0
- SHA512
  
  b81b287de73282cc5a7337559fbce5af01d1a440f04ee97c6a8e1de0c787ef38936c951b802014b841fc517fe7f2b916266dc8c35cd5de1ad0c630dc2218fa81
Score

1^/10
behavioral13 behavioral14
- Target
  
  .rsrc/GROUP_ICON/103
- Size
  
  20B
- MD5
  
  78bb727f88e9a797284b4261136ce56b
- SHA1
  
  5ed1d3100502c999ae46a84582b2978c9a4b4802
- SHA256
  
  404e02d011bc669c67ead03b175f7eaab8a01e00c044f6aed26dc0fb1ffef4f5
- SHA512
  
  03c6330c230ad70cef010bca657ba0e51b7a6e6c160e7bd475ffbd6959d9f39d8d52ce273bbce0f46b133355933e774133038d2be11759f60c7dcead1792add0
Score

1^/10
behavioral15 behavioral16
- Target
  
  .rsrc/ICON/1.ico
- Size
  
  1KB
- MD5
  
  8fa7882ecb62bb08d3a77787b3a61828
- SHA1
  
  8ed6a04e14bd9b1ee86979aa0a76e3d1517b8135
- SHA256
  
  062242a58a7b68bedb64a45743cf03964f54725af10f699f3c702c3de6517592
- SHA512
  
  3e3d431efc18016b91df88c9ab8b86abbd9cbd1db51229d9966929b4254a74e96fee246cef851f3c5c60c3f7aeb83680065ac81bdd148b79c6bbeec65570784c
Score

3^/10
behavioral17 behavioral18
- Target
  
  .rsrc/MANIFEST/1
- Size
  
  726B
- MD5
  
  8ac7761540a25f0e446671e95051ad9d
- SHA1
  
  dc2cbe444228a356272452dcda6a5f4f58bec4f7
- SHA256
  
  46e35d3bb4e0d1dd59f3321fa8b908e7202b9bdf70151f941d58f9bee9c0ba67
- SHA512
  
  7375e939af102200af9facde9a02296f074f06ca0e155b763f51f0bf0c41b66140d6eceaf720194650cb3bd4e5376d94a36bc9fc42fccdb1942894b9d13a1a93
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  .rsrc/version.txt
- Size
  
  1KB
- MD5
  
  d742cfee34834c80b01b4067b80016bb
- SHA1
  
  a37fe061703436421ad5db537addddc8e8d45656
- SHA256
  
  fe2ef41054152a592b7a9b9a3e1295e9d3387ace64e420b45cfbf6281b3be22d
- SHA512
  
  2f3d2bdc84708c6cb17a97a58cc5a731fb4b24a9b00ad706d15bb54087af942fbf0f847b0b03feb6750fe5c80b88981046a4b8e830de4467a9ca1ad789a9b060
Score

1^/10
behavioral21 behavioral22
- Target
  
  .text
- Size
  
  27KB
- MD5
  
  00499a6f70259150109c809d6aa0e6ed
- SHA1
  
  3f4c995439cec283f1f51d71acb1f25bef740b63
- SHA256
  
  6cbf0a221c26d69af8cab6a9925b0b331082df7f79d671fafe3f4942145c76a3
- SHA512
  
  bad533ac5b9872c345212e7d70e23ab02dfa73b42882f76b45448d0a238afd1773e60ad755102a6d7b978af30acd78b0283b7f7f45c2cea9eacf869ea787a87d
- SSDEEP
  
  768:ZSuEBr5TxZ3ILakH+MQTbTf1YK5dEde6w4tKmc3K1RHpuiCYy:BErPZ3IBZcbTfu1HlrJFCP
Score

3^/10
behavioral23 behavioral24
- Target
  
  CERTIFICATE
- Size
  
  6KB
- MD5
  
  82b260033841d9bb028d2000b320a2f8
- SHA1
  
  567425c41d1a9d41f9a08af55fcf7067b2202689
- SHA256
  
  6aedb866e040d139bfa39bec55106b34edfdef75c1faa7b9c3ff8ee1139b6a3f
- SHA512
  
  a0329f6d3715cdcc1e1aaa61653fdb14da06e48ee470c52a917efe6c4389d571df1825be3c6578a517ed5d56589b0106659303e9f533419a3113d8eb2989dbe8
- SSDEEP
  
  96:dkb6NDlkBlpHpuKHmd7aN+1m+S1C9TxfaeZc3JUfhdyEi7ZHeE5m7foi00:pDWpHlHoaN+177xffeBZHlEo4
Score

1^/10
behavioral25 behavioral26
- Target
  
  [0]
- Size
  
  1024B
- MD5
  
  790e1924ea82fd5b10661585ca95efff
- SHA1
  
  8b57311029b59e78755b6ce5ae5ddb316811959a
- SHA256
  
  74324205f9328cca8c0c3dfba8f3a84b86115f8b6b9c2ff7c8404d4f8cb4deee
- SHA512
  
  592e3394d92f6c9e45d93f270cf41c674aafa290b7f1b136b6c704a41c0897e88fbe29522fd594a650c8efc6b2e91526e8254ffb2c7437b7e08a788599354867
Score

1^/10
behavioral27 behavioral28
- Target
  
  [1]
- Size
  
  893KB
- MD5
  
  cc137dc208fb52ae6714d1f49987cf3c
- SHA1
  
  13c325209a5ebf1a939d5d8f8299941ae1eb4787
- SHA256
  
  404914cba93d248cb8110413c8ea19028c6bcb6bb92116a916e74b60cc529dd7
- SHA512
  
  a5d2f307108e22fc648c27c9b7ee8abe19a6f17ed57b2b836c644120a313505d005b5844efe112cfe49605dbbccbb90f4d75e7229d4e2f5ab82cc26bf9253a71
- SSDEEP
  
  24576:T8NlvGOgHdQFQ/Dfw/EQky/vgNs9OHYkW:EvGOgHeFODfwcC3WsSo
Score

1^/10
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30