lumma | 04cb3fda38692e884e8782a79b4b431cc2f50a3a0a7bd4c368f35df4b536e6ac | Triage

Submit
Reports

Overview

overview

Static

static

1

ReleeseBoo...rs.exe

windows7-x64

ReleeseBoo...rs.exe

windows10-2004-x64

Sharing

General

Target

ReleeseBoostrappers.exe
Size

1.1MB
Sample

250104-qxj11atpgr
MD5

1c8f61ebae1e301d9b521e2e4661ea71
SHA1

e4419155b9e29c822bb82430222a466f8d18c979
SHA256

04cb3fda38692e884e8782a79b4b431cc2f50a3a0a7bd4c368f35df4b536e6ac
SHA512

c09777c8d426b3320c2cbe828b20dfe516773d28a8f24f8c1e58ad1bbcf838cbf3eaa6b0960a0ea2b939d1beb38c9a321681afe24cd49878c9cca9563c75bb50
SSDEEP

24576:zFKaf+2MOlrq3F1rjhrRQirOO3GrR1YNgjUytyVXyoso+fvVBZM04k87:Zdm2Hl2VveRH0yoD+nZMn97

Score

10^/10

lumma discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

ReleeseBoostrappers.exe

Resource

win7-20240903-en

lumma discovery stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ReleeseBoostrappers.exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

- Target
  
  ReleeseBoostrappers.exe
- Size
  
  1.1MB
- MD5
  
  1c8f61ebae1e301d9b521e2e4661ea71
- SHA1
  
  e4419155b9e29c822bb82430222a466f8d18c979
- SHA256
  
  04cb3fda38692e884e8782a79b4b431cc2f50a3a0a7bd4c368f35df4b536e6ac
- SHA512
  
  c09777c8d426b3320c2cbe828b20dfe516773d28a8f24f8c1e58ad1bbcf838cbf3eaa6b0960a0ea2b939d1beb38c9a321681afe24cd49878c9cca9563c75bb50
- SSDEEP
  
  24576:zFKaf+2MOlrq3F1rjhrRQirOO3GrR1YNgjUytyVXyoso+fvVBZM04k87:Zdm2Hl2VveRH0yoD+nZMn97
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

© 2018-2025

Terms | Privacy