lumma | b3f2a5bde68ad2dcaea3c50ef3ea31162ce8a4b0ee31415f88730d9283dfba19

Sharing

Copy URL

Twitter E-mail

General

Target

Bootstrapper.exe
Size

250.0MB
Sample

250124-qagmcs1mej
MD5

7b61ea5d614308dabc45291947493a49
SHA1

44099e8be0221f7637c398ee4da64a10f032bf9f
SHA256

b3f2a5bde68ad2dcaea3c50ef3ea31162ce8a4b0ee31415f88730d9283dfba19
SHA512

6fc1b648b3c0b7adf7517281871dcf164c829bd5428604b2863e6347304a4784335490edad054cd3c1f128fb341096b161799139957cfe09e9091916d2cbf055
SSDEEP

24576:p+f23ewMKv+wONba7GdfD5igopXGUQ0+m8picMCgE5:0mewMKmwuua/iXWjdicMS

Score

10^/10

Malware Config

Extracted

Family

lumma

https://sheayingero.shop/api

https://toppyneedus.biz/api

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  250.0MB
- MD5
  
  7b61ea5d614308dabc45291947493a49
- SHA1
  
  44099e8be0221f7637c398ee4da64a10f032bf9f
- SHA256
  
  b3f2a5bde68ad2dcaea3c50ef3ea31162ce8a4b0ee31415f88730d9283dfba19
- SHA512
  
  6fc1b648b3c0b7adf7517281871dcf164c829bd5428604b2863e6347304a4784335490edad054cd3c1f128fb341096b161799139957cfe09e9091916d2cbf055
- SSDEEP
  
  24576:p+f23ewMKv+wONba7GdfD5igopXGUQ0+m8picMCgE5:0mewMKmwuua/iXWjdicMS
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $TEMP/Age
- Size
  
  60KB
- MD5
  
  84692b422690f4852cb88836dbb1e0b0
- SHA1
  
  931fd3f161113cb84407455b7786dd63bba3c15a
- SHA256
  
  cc2f5e9bac8af1aaf86d2c004f1b2234261b6722c1b821c2153d1835372ee875
- SHA512
  
  74f5610074976dc96c6e387e9719f789b4a2c4ec0cb1cafd20452df7b268a9468672a38169c447d534261ab7b085c135828bc0c84dc5831d5c82e3cd36161fa7
- SSDEEP
  
  1536:PB4kn0tqMUVmy95w51nUyX1K6yZfaTwYF3W:PSJ0MUf/iXA6yRaTwYNW
Score

1^/10
behavioral3 behavioral4
- Target
  
  $TEMP/Burner
- Size
  
  64KB
- MD5
  
  878f18ed4b302e6c94d0a190d145f697
- SHA1
  
  c67320a66d6148485dec9075081db6957ef50e3c
- SHA256
  
  96e0e15abacaa99c9120b398a4d0c9eecfb08d789666940b74759ce913979713
- SHA512
  
  8545bcf1a979bae7c1de2aa34a5198ec772161d021e3fb302de4bb631a6796dddc9093f91b7ba14e4d41327c463bb61d2ff0b1fa8bb48c7cdc9808d5cc2f652f
- SSDEEP
  
  1536:maUwWhxoMF7iH/qUQVL2BxNijHf8HMBVFL36mbROSgXKbnooLz98p:FUwWzPyBmBVN36mbROSgXKbLa
Score

1^/10
behavioral5 behavioral6
- Target
  
  $TEMP/Challenges
- Size
  
  94KB
- MD5
  
  0fd905bd29e18e664e3d3d9a6bb06ae6
- SHA1
  
  f532f1ba93228a60a483b40e4cd9c41e08877a27
- SHA256
  
  958643e7eba918e3867e1813480038d19716f39740d882755b7030ad8ac3bffc
- SHA512
  
  22416b891d9cb11adb5a5483e7eda868df6e5439ccfc635c077206c030d1814070c52718dedd3307983982d92a57b9644afd66f8e4936905da04ad4a3837f7a2
- SSDEEP
  
  1536:+G8FkoMUwKpESUm/6OSq25jyM8X8faP7/BUa4CV3rCnCcq/l12mo5krw1mc:+G8FMF0t/6NxyEaP9EcUjq/qrmc
Score

1^/10
behavioral7 behavioral8
- Target
  
  $TEMP/Columns
- Size
  
  56KB
- MD5
  
  1c070e2cfeee36acf2fc7eb8c940ea66
- SHA1
  
  bb0e3d8db79e93bc732227bf3b5328c34e2dc254
- SHA256
  
  9a34487568789c5baff8a4fc46f0759d8d7cc06189ccbff928c3f6f2a0cb3cbd
- SHA512
  
  d58a8eaa563a6f092d062f5d31b16195c48b9ac5a657c8e2dbcf658c000b24bbc092d2526a4976f820318a0586037b9e707b1b2f06b8c972e34b7f767c5024c7
- SSDEEP
  
  1536:slqzoIj0sDmaZI8dgSxezL/ZpKC6FUuPW:sl6pj0eq0xxezLZpKCis
Score

1^/10
behavioral10 behavioral9
- Target
  
  $TEMP/Flyer
- Size
  
  476KB
- MD5
  
  0338ef5a811b1886bc1c34f368cb2ffa
- SHA1
  
  d4c5d8a923c3271e1fd283ec1d8163b67db4dbbf
- SHA256
  
  3ddd2fe9b650e01e2f8b8940c47d5fc5039962a2f5315646c0baad6a2fdb0fa2
- SHA512
  
  8b0596bc09da58e88a959d3d73128e1db6c3095b283ee2e96be7048d055988c27b45f4a256ccaa22d489082262722900b8d01afd511efb8187153265266aced8
- SSDEEP
  
  12288:AOeGG0bOsunhawPG+B6NcYOXAf9bSQcTlVnfz2G8:AOQhtPbANcQf9uZrfy
Score

1^/10
behavioral11 behavioral12
- Target
  
  Baby
- Size
  
  133KB
- MD5
  
  a86c655555e2e198272d833d78eb743b
- SHA1
  
  0f6bb609d65d8ae521f15f2306162e69469c57c8
- SHA256
  
  d6108619ca2f1670ef01ec58fd62d98c84877c7d6cec6075f27e7b926d71de12
- SHA512
  
  26b4319d1fd657f3e66395fd8db2b229358d487c685a4d6ac42d61c7604eb9920b2da6c16fcfd6e81ed512edc715630122fd8b9a6066ee3e96c0155ea1273eb5
- SSDEEP
  
  3072:8Zg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05K:8K5vPeDkjGgQaE/loUDtf0Q
Score

1^/10
behavioral13 behavioral14
- Target
  
  Box
- Size
  
  71KB
- MD5
  
  1b2da465247a01a3b76472249a3d0deb
- SHA1
  
  616f32ade9272c6d240506b8a74bdcccea9304ae
- SHA256
  
  94d5c530034c5ec9506c5e3b52def91b4e79b9222d7da2b712d00fe6f002d35b
- SHA512
  
  dfe9da0f3b449c24c751d4c0cda6a0377d1070461c4f25b1900057a02108c5768e350f0c0e217716cec77001a4f629e14f64d55894ff19f73f36c3e24abbeef4
- SSDEEP
  
  1536:Gjv18fRQLTh/5fhjLueoMmOrrHL/uDoiouK+r5bLmbZzW9FfTubb1/G:wv18mLthfhnueoMmOqDoioO5bLezW9F/
Score

1^/10
behavioral15 behavioral16
- Target
  
  Franklin
- Size
  
  93KB
- MD5
  
  56e4414823fd2b7142284ed6d5a363b7
- SHA1
  
  64ee8eff5dc6de329ca71d2bdc8280a55dde95ba
- SHA256
  
  c5a5cfbf1ad6b80af7b467a232a5c016f8e077e5e33a84c306bea7fd3c5b319b
- SHA512
  
  6e8f863ac5473e528a6eef96c07a56bdf2cd5572f2df68cf6745d5819c367160edcb098a378ef4d7de4814aa4a09705d1d11be2aa949c44b7d56f201952881bd
- SSDEEP
  
  1536:rFrbCyI7P4Cxi8q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3Bk:rU4CE0Imbi80PtCZEMnVIPPBxT/sZ
Score

1^/10
behavioral17 behavioral18
- Target
  
  Indeed
- Size
  
  147KB
- MD5
  
  09c30eb57d7b8d5b6d2bed9172d72dba
- SHA1
  
  fc927ce49b240a9074d7cebc24ca184edbd8a1bf
- SHA256
  
  b321aaeea6b3b59d803228074d3d92a1f3c708c6b7ea46147c95511215cc105b
- SHA512
  
  fc34121fbbef228a8b250142cc10d47de6969f13d22d539c5e4411fe0af2c1117636413092e8fd756354b634a42f47bd6e584700ca79f8ab3113ad64f6ad2fd4
- SSDEEP
  
  3072:2de6u640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAtsPB:2d314V14ZgP0JaAOz04phdyp
Score

1^/10
behavioral19 behavioral20
- Target
  
  Intensity
- Size
  
  1KB
- MD5
  
  f61e65c8b5e558627396ed8261aee6a4
- SHA1
  
  9a35551af1d6bf2ffa97d15ec9c5b39d0f6d505a
- SHA256
  
  86d914001ade248c24ebdc8e38e39565c4f5bc2bd05deb357cae22d805707d72
- SHA512
  
  65be47472dca6c4eb8e099d54dedb8169486449832ff29ed563d632954d48789731b16fb442717efed0b5742e7a672c11e032fd4ccfde6b6e0cd77a32e8c9b92
Score

1^/10
behavioral21 behavioral22
- Target
  
  Keyword
- Size
  
  124KB
- MD5
  
  6349c17c75b1138329f07491744a9ed4
- SHA1
  
  840c353b3f6a3dfc0b75bb389e2d9903c98890d2
- SHA256
  
  15c91f0da6a7118a864f230d59149f8d56bf3d50404fd5b5c2b610a5dab0d293
- SHA512
  
  bea4e290e2b7a246e42facd5a987894b267881f26154d67f56b179168b1da9c9338d41f9808f63e1d0de8995c50e321e44d228d1cef761ea8faf9f159904b787
- SSDEEP
  
  3072:jydTmRxlHS3NxrHSBRtNPnj0nEoXnmowS2u5U:j7HS3zcNPj0nEo3tb29
Score

1^/10
behavioral23 behavioral24
- Target
  
  Monday
- Size
  
  84KB
- MD5
  
  b8eac858c394e989430167327a8ae7cf
- SHA1
  
  c7226e8012f0888b7bec48d0afade50534db1fdc
- SHA256
  
  45dd80aa6a648289f7f13b413884b6e288018c8178bce3df58c53b49e51f68fc
- SHA512
  
  5f6005be3db377c0050189d8ddab64f1e43e61f0471a6239d03af705f51cdb3d64ba3011fdb8c9c7d569cf4321f0abb13a0fcf1f088397fae390d5bcc4aaf802
- SSDEEP
  
  1536:bjKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+Sh+IA:bjccBiqXvpgF4qv+32eOyKODOSpQSi
Score

1^/10
behavioral25 behavioral26
- Target
  
  Mutual
- Size
  
  67KB
- MD5
  
  07d393f56efd3b9326606b437b71f1d4
- SHA1
  
  bd63b40e51e2e6c68a266e9f06f20b94e29c882c
- SHA256
  
  f0ef7a9e9dce3aebcf8e05805ba9c1c912c4faae9e01b9ca3efd2ec83f528414
- SHA512
  
  ad6471df9322535eb862d86cbd342ddf3e744932889972d310412b06c0a66af807f708c115232f29278c074ec9611896e91876a99ba468494bd4304a1378f559
- SSDEEP
  
  1536:Iu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:I4ZNoGmROL7F1G7ho2kOb
Score

1^/10
behavioral27 behavioral28
- Target
  
  Native
- Size
  
  90KB
- MD5
  
  b09fe66fe9ba0c96d5f09e3cceaf61a8
- SHA1
  
  04e173e7bc1d3c632d206b2f38bdd2bac4b40a21
- SHA256
  
  b5f56cd6ac094dec19e7b1ff1ed162dc07d4ca3af7579adca5ac9c43a44640dd
- SHA512
  
  746a22266eb2c8d8d89de5dd3c605ead29d2bf0b172bdedcd6d298126dcc02522707e488c3400cd2edb7cd0265a7e12212b16ff336f148a39a252055c653a959
- SSDEEP
  
  1536:wHRu+OoQjz7nts/M26N7oKzYkBvRmLORuCYm9PrpmESvn+pqFqaynB6GMKY99z+S:OVOoQ7t8T6pUkBJR8CThpmESv+AqVnB4
Score

1^/10
behavioral29 behavioral30
- Target
  
  On
- Size
  
  114KB
- MD5
  
  6c1c4f39f2bb55057641898e3d376930
- SHA1
  
  b43b16c85687517d3dd83f82b6b421304f7e628d
- SHA256
  
  48e5d116dc1494dbd8905eec10832aa7ce19f4f812d91514ab6fce5ce6f57cf7
- SHA512
  
  ff4ee5c654f50bea1fb92ace656c952ef573759f08ce072468d5029e6c38d77609a200de54f49c68c9fecf6ed515dd2864ba3acb1a5ce523d6a3efae9745a3f0
- SSDEEP
  
  768:bSGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8qcDP8WBH:vKaj6iTcPAsAhxjgarB/5el3EYrDW9
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32