General

  • Target

    bleoso.exe

  • Size

    1.1MB

  • Sample

    250107-x9c7jsvpfw

  • MD5

    5421ec33225b0ffbc3e15ff647b52064

  • SHA1

    47bd52bc61b7ca0870774e5e57ed044a08c73fc3

  • SHA256

    6d7f1b46227593ce58ce2eac041a23e90f9fa45b2d609f17b1ac0cef8959ed0b

  • SHA512

    c0e1b5df77455e3afb3a0bcc029e81f551e99b832f816cb362bc9e0b0a1fa54dd6e09e7b201b2276a1d732784f2b00a41db264ba365fbfa88b8087da64547b9b

  • SSDEEP

    24576:+ifOu5Zt+AnkGPKv+bN8fspSkVfIhohNkokVQAb/20Ux6LNgZNmb7Tb7j:H2uRkGPKv+Jfe6rjWT0UgzU

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

    • Target

      bleoso.exe

    • Size

      1.1MB

    • MD5

      5421ec33225b0ffbc3e15ff647b52064

    • SHA1

      47bd52bc61b7ca0870774e5e57ed044a08c73fc3

    • SHA256

      6d7f1b46227593ce58ce2eac041a23e90f9fa45b2d609f17b1ac0cef8959ed0b

    • SHA512

      c0e1b5df77455e3afb3a0bcc029e81f551e99b832f816cb362bc9e0b0a1fa54dd6e09e7b201b2276a1d732784f2b00a41db264ba365fbfa88b8087da64547b9b

    • SSDEEP

      24576:+ifOu5Zt+AnkGPKv+bN8fspSkVfIhohNkokVQAb/20Ux6LNgZNmb7Tb7j:H2uRkGPKv+Jfe6rjWT0UgzU

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • Target

      .data

    • Size

      512B

    • MD5

      014871d9a00f0e0c8c2a7cd25606c453

    • SHA1

      92d7e0d8d66861f702d867dac616b7d02bca94ec

    • SHA256

      637a3943c555de3601588a8398252a905d18c17f9d49f750b812daa630abac68

    • SHA512

      3f1e945759614a0e0ee05d8cc7c9d3a9f0b2954f64c173dd8f755d6b422c0b2f1f7a5c3af8aa54f3c6909de65c125e048dd8d17ee55da3989c4b2c807d83874c

    Score
    3/10
    • Target

      .rdata

    • Size

      11KB

    • MD5

      07990aaa54c3bc638bb87a87f3fb13e3

    • SHA1

      05985b7f60a664d2595e9406ae3b208c97597bbc

    • SHA256

      b38b34dfbb61b5fc0659b9861f09dfdaaa743cb97bf0134e7bab66a75ddc940e

    • SHA512

      0017dd49d85c6aa9e8351c7da60f1150cb241022664151f0d2182a7a344f46286eb9f131f75a5f1adcef57a1362689a3c40a37547acc262aba92b742c13b65ad

    • SSDEEP

      192:wiR1IorPNhxjQFOdiq343py7JRWVS7yWymPn:9RiaPblQFdq343pwrWVaymPn

    Score
    3/10
    • Target

      .reloc

    • Size

      4KB

    • MD5

      b84630f1a7f6e191bc7b4dcce9a83b70

    • SHA1

      b707e635655ccaecc859740009d63d95b29959ff

    • SHA256

      4d8bed210be2dca40a53c61cd8d856f5664229fe108907d419089b7244aa34f6

    • SHA512

      819030a1ec626aa98caf2acd95f9b1be0f4841e51e4a28a19ec717575ad8b69632ac339017ce8e1948e086163bf3113b4fbc6d3b4d277f9d7e2c80dbba6aca1d

    Score
    3/10
    • Target

      .rsrc/DIALOG/105

    • Size

      256B

    • MD5

      3409f314895161597f3c395cc5f65525

    • SHA1

      1a99d016d65e567f24449d9362afb6ac44006d0b

    • SHA256

      fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96

    • SHA512

      f3e7394fa49325a7ea46728b77a5e819e18d63049d54c6adf36d08619709484f8bbd20206416d3c1440bd70632d99d9a45f3488482353f90aa21aa6ee3915427

    Score
    1/10
    • Target

      .rsrc/DIALOG/106

    • Size

      284B

    • MD5

      2d12c45dc2c029044aaff357141cb900

    • SHA1

      083db861ab3c7db23c6257878296e73a89a74b8b

    • SHA256

      69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729

    • SHA512

      a50dcf605a914f0a6f94b3f815be159c2b729d005a25d6cc9120c4d34445cae2d0b20df3dbdc7672f316010c6a47079265548a1ed5a523896963b1a3ddf98a17

    Score
    1/10
    • Target

      .rsrc/DIALOG/111

    • Size

      96B

    • MD5

      6be4e1387d369cf86e68eacbdd0e81dd

    • SHA1

      351970fe2681b9b35b5d59ad052011ed96a96e17

    • SHA256

      85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0

    • SHA512

      b81b287de73282cc5a7337559fbce5af01d1a440f04ee97c6a8e1de0c787ef38936c951b802014b841fc517fe7f2b916266dc8c35cd5de1ad0c630dc2218fa81

    Score
    1/10
    • Target

      .rsrc/GROUP_ICON/103

    • Size

      34B

    • MD5

      5bcc299a0183f596f8a64e5b8aaad542

    • SHA1

      0bfc43cac53f2e965b85b8137956331e0daafe68

    • SHA256

      c6e07242878d1f8f2d85407433b6b360b4fef0090f8058c25256229d16ffb5fd

    • SHA512

      5489d42ce6e5ef4b1304c82f25c86bf7717d9745aa3e3deb837bf3422993ab1aa0e8484ee8cccf4e2052d5d9cc80f2d7542d645dace277c7ee7c80b24f855929

    Score
    1/10
    • Target

      .rsrc/ICON/1

    • Size

      32KB

    • MD5

      e72247858a635bf65d2ce4dfe4f9b156

    • SHA1

      52acbaf1104660fd4a6a650a823c90a0bcfaedc9

    • SHA256

      c378510259e8b6c35bb144a050a3de1890c5469f0d72955d2c5c29b16c2064fb

    • SHA512

      a8962dcbe6bae0bcea41464e910e15c7d036edf430b4171b5baea2b4390593b945b6def9e13ef4a25a5ff010e32fc5ac1690eb62800313e1a3dbb6a757e620f5

    • SSDEEP

      768:ZM7qBESRVq9uNPm3WdogY4YBecpOKK0Soh+OBaBRS1dlMp:Zk2Vpm9V7BvptJSoh+Oc01dlMp

    Score
    3/10
    • Target

      .rsrc/ICON/2

    • Size

      10KB

    • MD5

      96230c0e4ee4e020c2a55237d79712fd

    • SHA1

      1ea8d0db2f3c122743e69d44d2a9fdf283dff779

    • SHA256

      1bbf4a81b682dd52f9ce9f7dc40f1465b8ab707e8eade944f3add3a3331367f3

    • SHA512

      59810f78156589567bda3ede4aa630dee67d093df38202d4658fb0dff9a8917fad9031a9fd0023f720e925720fb10e5c6f49223ff81b1972d9533d6a75723684

    • SSDEEP

      192:BjN4iT/G4hp60My6oM0OyIg19TPXYHwz+LDo7TZHXZT:oiT/Gugy6oM05RTP0waLc7TVZT

    Score
    3/10
    • Target

      .rsrc/MANIFEST/1

    • Size

      726B

    • MD5

      98532ccf2df2c019bd9791a767c99973

    • SHA1

      8a1cb5e5cf470e6b3ab544bf8009132d87d2326b

    • SHA256

      2bf05590410fb6b30494a3251789f0d8a4b9da7f3e87fe89b64cace1bc0a02cd

    • SHA512

      2f3ae5393b95c33c17702d5d358c6545457112d96e2a3a8d7a2fd82bbaff6a82b29787d95b3c6f4dc69cc23373c8e129057f80b1e4ca072d3f4f1752067d664a

    Score
    3/10
    • Target

      .text

    • Size

      27KB

    • MD5

      00499a6f70259150109c809d6aa0e6ed

    • SHA1

      3f4c995439cec283f1f51d71acb1f25bef740b63

    • SHA256

      6cbf0a221c26d69af8cab6a9925b0b331082df7f79d671fafe3f4942145c76a3

    • SHA512

      bad533ac5b9872c345212e7d70e23ab02dfa73b42882f76b45448d0a238afd1773e60ad755102a6d7b978af30acd78b0283b7f7f45c2cea9eacf869ea787a87d

    • SSDEEP

      768:ZSuEBr5TxZ3ILakH+MQTbTf1YK5dEde6w4tKmc3K1RHpuiCYy:BErPZ3IBZcbTfu1HlrJFCP

    Score
    3/10
    • Target

      CERTIFICATE

    • Size

      11KB

    • MD5

      27d30cbaf49939eaf8180f7f191b9200

    • SHA1

      e97488394a2e548a761619fd71caf3c11baa4ffc

    • SHA256

      8412bc8409ec94f7356ff057b9e11c41463418d74db1efebee3e272a4fff6cb3

    • SHA512

      48bd794b0a99357cf48aa79b409311517534388912767b9c8d8e877881249768c3c2c11509d99b58bfb7d3b02bcc874dcdb26088ea85fc6a1885a29ab31c949c

    • SSDEEP

      192:npPIKfhig1R7JNPQdOgYXsUo1/wfT/5QyrWrMIoWSx++Xa21R2YunS:npwK3fGkXTo1/wfT3ir2WSx7bL2YH

    Score
    1/10
    • Target

      [0]

    • Size

      2KB

    • MD5

      f4f0c5282559707670a306c46097ffcc

    • SHA1

      3417351819d02450b527af5b3dbba95c52f911e5

    • SHA256

      8f4fff35166f08142b23bf90e5c36f72c3a730b549d172768c2fa855a338122e

    • SHA512

      ebda56045c88ad3b87a896e06cf3747d411a28e4270554de5ad25a28343a4b3f54008dc4458e624097ea157208e2944d67c64770346047a202e0d978adf88175

    Score
    1/10
    • Target

      [1]

    • Size

      999KB

    • MD5

      3ad6aed17aab99fc21d5bfd4861e04fd

    • SHA1

      44f7aa130999ee7a9fed8c26f9e76f1ae52b3f05

    • SHA256

      d4b49566460f73b02ebda32a6736f3afc9e9f9fc275b08801307b654165cb0b0

    • SHA512

      87a7cc3a1923bbc455cd89cdec62c3227a9d97e3131c31fbc3a6975f6e3b3747cddcbf906129ea26f5e5ac3fcc877afcab0381fac1aae1684f116e9292088d3e

    • SSDEEP

      24576:bu5Zt+AnkGPKv+bN8fspSkVfIhohNkokVQAb/20Ux6LNgZNmb7j:buRkGPKv+Jfe6rjWT0Ugzo

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

discovery
Score
7/10

behavioral2

lumma, discovery, stealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
1/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10