Overview

overview

10

Static

static

1

Bootstrapp...or.exe

windows7-x64

10

Bootstrapp...or.exe

windows10-2004-x64

10

Commission...ed.cab

windows7-x64

1

Commission...ed.cab

windows10-2004-x64

1

Above

windows7-x64

1

Above

windows10-2004-x64

1

Biodiversity

windows7-x64

1

Biodiversity

windows10-2004-x64

1

Facts

windows7-x64

1

Facts

windows10-2004-x64

1

Imaging

windows7-x64

1

Imaging

windows10-2004-x64

1

Ipod

windows7-x64

1

Ipod

windows10-2004-x64

1

Johnson

windows7-x64

1

Johnson

windows10-2004-x64

1

Photo

windows7-x64

1

Photo

windows10-2004-x64

1

Porcelain

windows7-x64

1

Porcelain

windows10-2004-x64

1

Purse

windows7-x64

1

Purse

windows10-2004-x64

1

Selling

windows7-x64

1

Selling

windows10-2004-x64

1

Violence

windows7-x64

1

Violence

windows10-2004-x64

1

Zdnet

windows7-x64

1

Zdnet

windows10-2004-x64

1

Commission...Loving

windows7-x64

1

Commission...Loving

windows10-2004-x64

1

Commission...rophet

windows7-x64

1

Commission...rophet

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BootstrapperExecutor.exe

  • Size

    1.1MB

  • Sample

    250123-dcwg3szlbp

  • MD5

    ee5812a0d3fd5839ad9d8ea190e37101

  • SHA1

    bfec5cd5f72a58995ec3fd1dc909489b94276521

  • SHA256

    acd63befad112fd5dfe1f20a52f101fedadd14b69a89e0b1f2975d4a4452eac5

  • SHA512

    60541b369a748db0573616d7bede82f7909dc7479d8ee87085a3549b3d08b96af09a2d963a6ad78d4ed588c2c333d077e337bbc9b216199d10c0762fafa386ce

  • SSDEEP

    24576:anU6OCXqs1DXccd4c+KrLC/NPnQYoL4aRw/Nc2Wy+RwJayd948kPAA9fmS:ITOApXc3c+dF/nfaRKNc8+CJTvHA9x

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://tradersneez.click/api

https://impolitewearr.biz/api

https://toppyneedus.biz/api

https://lightdeerysua.biz/api

https://suggestyuoz.biz/api

https://hoursuhouy.biz/api

https://mixedrecipew.biz/api

https://affordtempyo.biz/api

https://pleasedcfrown.biz/api

Targets

    • Target

      BootstrapperExecutor.exe

    • Size

      1.1MB

    • MD5

      ee5812a0d3fd5839ad9d8ea190e37101

    • SHA1

      bfec5cd5f72a58995ec3fd1dc909489b94276521

    • SHA256

      acd63befad112fd5dfe1f20a52f101fedadd14b69a89e0b1f2975d4a4452eac5

    • SHA512

      60541b369a748db0573616d7bede82f7909dc7479d8ee87085a3549b3d08b96af09a2d963a6ad78d4ed588c2c333d077e337bbc9b216199d10c0762fafa386ce

    • SSDEEP

      24576:anU6OCXqs1DXccd4c+KrLC/NPnQYoL4aRw/Nc2Wy+RwJayd948kPAA9fmS:ITOApXc3c+dF/nfaRKNc8+CJTvHA9x

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      CommissionersReveals/Claimed

    • Size

      476KB

    • MD5

      20fc38827d4eb4452035cfcfee2d8c14

    • SHA1

      aa4ec6a834a732dabfe1e068b05bf8b5ac9412b5

    • SHA256

      f2f03b313f4007bdfac6dd5bb15eddeeeeff5c40553acc31d0906fe08a9c275a

    • SHA512

      0ea8b707989dd684944b3f83f94eb5479414323f2177d888bebc2b104238f9f0f353718b714737667bcd9ec00cce52aa248e9f639b0fbd1ac4bd3b9b5e8236a0

    • SSDEEP

      12288:gnzJfqkTCuKslGYaBQY6Z0kFHN6tbKspds:gnhqcCQMgYu0sqXpds

    Score
    1/10
    behavioral3behavioral4

    • Target

      Above

    • Size

      59KB

    • MD5

      d88e04f7a23e77ad1be7d45352d1991b

    • SHA1

      c187f58ee4ee55f86cc9e9fb884e4648621ac9c3

    • SHA256

      ea7713f92c5e61dce396c08c527bc0820033e9344e4f21ecd8f0455da1a9de12

    • SHA512

      6ec1db2eb816f5ecb823f3044a1c8e990b8654f0cb132c91508a68f45cf78cda89e64cff8c3c61daf05f53e55c9272b360d9ca170378808cb296611f499d9ad2

    • SSDEEP

      1536:i7HE+tKA3QkvyNf7Xw2U0pkzUWBh2zGc/xv5mjo:iyA3laW2UDQWf05mjo

    Score
    1/10
    behavioral5behavioral6

    • Target

      Biodiversity

    • Size

      1KB

    • MD5

      4fe6f5461c7c40db33d910a12fec2a79

    • SHA1

      aa2ee0de4e71001550a3945081882d4a8a1c2d59

    • SHA256

      b004161a9eda8d8aa733a38062146c9bceafc32ba621a758718605506010aedf

    • SHA512

      e41e3b7cac3c86b17ed5c535709b62ac2889f8326f2478e70ebae80d75566e1516ce2e603461cb550b1ad226894a7f96d946c42ec0c571627cfbc88accb4b557

    Score
    1/10
    behavioral7behavioral8

    • Target

      Facts

    • Size

      57KB

    • MD5

      60ffad7f702c52c0335984fba06dca2d

    • SHA1

      11100fc0104616b4c79fe10e71694d5fad766a58

    • SHA256

      e7bbd8738ebde9f732b70120304516a70e75ae8448fd7b135941888c435dab28

    • SHA512

      632a5660ea545994a17f4643bc74beac19509676a16ce38f31cbc9defd0f4987b64a13fa3b25265c586c6added16c6d7c6a46bcd9238514d916d902e958284fe

    • SSDEEP

      1536:b1vtK7h6R8anHsWccd0vtmgMbFuz08QuklMBN4:oq8QLeAg0Fuz08XvBN4

    Score
    1/10
    behavioral10behavioral9

    • Target

      Imaging

    • Size

      135KB

    • MD5

      561abfe4a979b2713e00849ef7b5750f

    • SHA1

      7894820d54b3bd0d0cea927da161e65d408abbb2

    • SHA256

      ef840c0c3741162a4055f501a50535dc9f1ab3f1a2adc3ea363aebf3fd0a5834

    • SHA512

      bcf4670f8889b25c4e7e9b5e2dc567cd952874abb53ca7b481cd90216254a0a80d5107f3317962440f461b0fbd6bb89d4d3c4d562e6bc6270d8cd0fe51fcc8ee

    • SSDEEP

      3072:RlHS3NxrHSBRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJR8C8:vHS3zcNPj0nEo3tb2j6AUkB0C8

    Score
    1/10
    behavioral11behavioral12

    • Target

      Ipod

    • Size

      75KB

    • MD5

      2eafff2ca929d25609899da5168732ce

    • SHA1

      ee838b4a882cb68de828bfdd31013bebbcddca3c

    • SHA256

      18757fe406aec7ed2c45e2e380ce3f1bf409fba01ae4a1a195958ff69718e1eb

    • SHA512

      6b471e93d739b46e2bb42b24dcc22b71d43b6ddf0e4761c23d451647bd9a39c2be37cb35690e446391c045724459db5a62d29c0c6b42ab8797a02784581ee1b2

    • SSDEEP

      384:TOximDQxahM2I4kDehJ06HrpRD9HPmPuki09PrOa3HwwuBcozc/mwftIQXoSpu8c:TOU7aI4kCD9vmPukxhSaAwuXc/mex/Sz

    Score
    1/10
    behavioral13behavioral14

    • Target

      Johnson

    • Size

      43KB

    • MD5

      e254802b09d9b8bd3847a0df8a078325

    • SHA1

      44490d529dcf461b0d6c6418a2059b0cc6557afd

    • SHA256

      bb046cff9ed9fc400735abf70c05ef8a1971dd4df24b6fad7995d98881de5ed2

    • SHA512

      128736e13f9311cdbf2d2aa2e5b65a8117ab04a40550c232be60b424c608980bfb337730cc29153db18fe06eaca48b6e3085439588568545c27c3848f67f03b9

    • SSDEEP

      768:1BGmd9OTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:1BGmdATGODv7xvTphAiPChgZ2kOE6

    Score
    1/10
    behavioral15behavioral16

    • Target

      Photo

    • Size

      65KB

    • MD5

      1f34b509444ddafdc5db392355d6030c

    • SHA1

      0eb74a71e7f9d032202907e53a5eca616f0854eb

    • SHA256

      c3aac528b8ce09f7fa8a8f093bba53a5f931c057fff82703cdb85dd93df2d07b

    • SHA512

      21255d420fe6d5dec4bcf880e208df1a39875b3d404c8892f07c228edc6d20431a95ab05c63418f9b2cd15a9eaac74991b758d5869345b86abed69dfd12772a6

    • SSDEEP

      1536:EuDoiouK+r5bLmbZzW9FfTubb1/Dde6YF640L6wy4Za9IN3YRYfv2j62SfuVGH/:VDoioO5bLezW9FfTut/Dde6u640ewy43

    Score
    1/10
    behavioral17behavioral18

    • Target

      Porcelain

    • Size

      55KB

    • MD5

      89ea696be802aaf4204fc6c0b76afcc6

    • SHA1

      9ede6af57ea48370afc71afaa3adbfef5208eab2

    • SHA256

      899437f29213e6649b4c000ee9827e3cac3bd8028c7a2eff28627ab9d88e827a

    • SHA512

      748097e7f81658cda377b09559e82d00ffbdbed057188336aedfff156c172604b2d9138309b7d127ecaa706f1373ada29f491ff0a3e6ed9ee87bf44717172edd

    • SSDEEP

      1536:NBZwneAJu7QnswIPumV3BxZxu6/sPYcSyRXzW8/uC6LdTmHwANH:3CZEMnVIPPBxT/sZydTmRH

    Score
    1/10
    behavioral19behavioral20

    • Target

      Purse

    • Size

      141KB

    • MD5

      fcf10aef7e06666b64bd2166f710a8f4

    • SHA1

      4168d616038689401e6aec4d7918245ea7e95652

    • SHA256

      ac89bff5c9d9af8fe4506382fd7772e1e464f7904a554e75f34963516a848bd3

    • SHA512

      295269e5123347ddf10cc2212e569a7cb389d2a33b3fad2dc7327ab8bdb8f956a7ac7f6592489a47889f95b2126bd63e664f28ca72a3c68e52481905e55e796f

    • SSDEEP

      3072:LcBiqXvpgF4qv+32eOyKODOSpQSAU4CE0Imbi80Pp:LcB3gBmmLsiS+SAhClbf2

    Score
    1/10
    behavioral21behavioral22

    • Target

      Selling

    • Size

      120KB

    • MD5

      ef6c0c4a03942b898c1345fc5e2923d1

    • SHA1

      802a01cee96e04725ecd527c5f9426fca7edbd35

    • SHA256

      fc4c66f7e940be137583a37a40c71ddece824dcb2c945049c56d377f869c8266

    • SHA512

      98cd652ec23a7acac03c5097e6e9cc41003eb7146e7eaf21db7ae36de30d1cd6e8cfaceb1978f18e3e446944d776080481eb45e71a1ffd1c52cfe2cb1641ccaa

    • SSDEEP

      1536:KKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uZo2+f:U6whxjgarB/5elDWy4ZNS

    Score
    1/10
    behavioral23behavioral24

    • Target

      Violence

    • Size

      85KB

    • MD5

      98624849254fb1f0653da5db882e1560

    • SHA1

      5c7967add2247827f8d8fcc4f7311a66a4a36204

    • SHA256

      0656568395a1b68f778098b6d3519bdfd86dd9f5a39da10a5850b2b17545f139

    • SHA512

      27dc9d10e8c3113f62028435ddc51b9402a8d507ea1f43a88a300374a722ad20fba8c7877bc483a0f55deb0cee25e3bb64d54c32cc032e4d1384a1626d8e2fe1

    • SSDEEP

      1536:R1/AD1EsdzVXnP94SGGLpRB6M28eFvMVpYhWoXElJUzdlDfFgQa8BpDzdZPG:RZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/y

    Score
    1/10
    behavioral25behavioral26

    • Target

      Zdnet

    • Size

      88KB

    • MD5

      ad758f1e2bc2c34ec6c8a23df9236746

    • SHA1

      48807f2ec69dc2cd96f78a7809d99f63853acb81

    • SHA256

      c806b7ae24975aa2b7c4635d4c75781a97092e820946c0405630d7441985f3c2

    • SHA512

      b17ba342403e16ecfde952dc5f482ad31c011375d3791046fc056170001073c169101e2cd37939c95cdbd19ee785b9ae53b572daec7a4628f013136c163f73dc

    • SSDEEP

      1536:5m9PrpmESvn+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/5fhjLueoMmOrrHLa:UhpmESv+AqVnBypIbv18mLthfhnueoMu

    Score
    1/10
    behavioral27behavioral28

    • Target

      CommissionersReveals/Loving

    • Size

      74KB

    • MD5

      f31b4023aa01fb113405a331278ab9a9

    • SHA1

      393714a5765d77cf96b8642410eb2bba0cda5313

    • SHA256

      169d4ad56c587292db439bea272a5f0f212a509c0ea3946136cd82d3a4512cc0

    • SHA512

      0b28dd7e7f6718993453df48c712e34cc9ec0bff5eda9d152052015861f9cec0acb72b34715bb2d6601683f0fcef3ecf8563032b6cf8dd9b96e5b01992456fca

    • SSDEEP

      1536:1udzPDLv5gUB18DVfWO5cTnBKkna39SR0vFi8yoEop4Ve4o9x:1udzP/hgUv6fWucTcd3RFi8yoE1Vto9x

    Score
    1/10
    behavioral29behavioral30

    • Target

      CommissionersReveals/Prophet

    • Size

      67KB

    • MD5

      cd937d6d4d1cebc84b5150d1a3d4db6d

    • SHA1

      7bbef6be5454bf941127e3d0762247e3f918b2f0

    • SHA256

      66a998c2b5862f22b098f00ce1ae1e08e9b7298a9ec57aa8db3bf2db253a3a81

    • SHA512

      1f939a423cd0e731db0d9f88fe3cbe28c5de067403fe6d9b8f5036fe36f97bbce712e4fa0d68196b712fe4d5d5a73d6ee9624ada0598b81effe7178f7b213d49

    • SSDEEP

      1536:QwCQPIgJGQXJgMjNFcARhjzvGAelBLorjkZATUZ62++aeQ:Qe7uMoUTWBAGATKE+q

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

lummadiscoverystealer
Score
10/10

behavioral2

lummadiscoverystealer
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10