lumma | 5827829bcba2d503cb6c2abbab4d61c1c52c679d02f34ffe54b554e4ea122306

Sharing

Copy URL

Twitter E-mail

General

Target

Bootstrapper.exe
Size

250.0MB
Sample

250126-ykbsvs1pbv
MD5

02accff8864d41a998534bb8e1ee3ecd
SHA1

c3e6bf3714921bb2eb5c3ab3c5c514740775def9
SHA256

5827829bcba2d503cb6c2abbab4d61c1c52c679d02f34ffe54b554e4ea122306
SHA512

d80c197a7182ad63569313dc9cac41c4b325c6f2633cffbacf726e8831eb78ba2b90fb1a0c884018c1755fecad28458ebe646e53e334d5f95f6a7c78246796b9
SSDEEP

24576:17tNPGu7bGlvfT8G9H8/v0bACsBgb7Y3yUsK3WG9v:nNeu+BHLts/3yU119v

Score

10^/10

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  250.0MB
- MD5
  
  02accff8864d41a998534bb8e1ee3ecd
- SHA1
  
  c3e6bf3714921bb2eb5c3ab3c5c514740775def9
- SHA256
  
  5827829bcba2d503cb6c2abbab4d61c1c52c679d02f34ffe54b554e4ea122306
- SHA512
  
  d80c197a7182ad63569313dc9cac41c4b325c6f2633cffbacf726e8831eb78ba2b90fb1a0c884018c1755fecad28458ebe646e53e334d5f95f6a7c78246796b9
- SSDEEP
  
  24576:17tNPGu7bGlvfT8G9H8/v0bACsBgb7Y3yUsK3WG9v:nNeu+BHLts/3yU119v
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  $TEMP/Sunny
- Size
  
  25KB
- MD5
  
  d1011a6be89b2a08017b32082797d33e
- SHA1
  
  24ec2328176df561eec038a177d55da5e1dbfe25
- SHA256
  
  ed9e20dc8caa10cea3b2555a13de571f7cc81def3c8824e16ca90221b76cbda6
- SHA512
  
  dc06e174cfdbb63a9b575a1c252056f340cccb74615645f6e554e157b2a2b243f5d484c149c7b5ccae9f454419490836c862f71e79d9db8c2492b25c09e7138d
- SSDEEP
  
  768:YmKw9TIXNWSz4T7N3rUL1ctzcypE7d3P6aWIyC:NPENW6SN7e+MJ3CajyC
Score

1^/10
behavioral2
- Target
  
  $TEMP/Three
- Size
  
  64KB
- MD5
  
  84f396afb793dc4905e3dc6475c0d6bc
- SHA1
  
  e53a2f6af837da07c2f5b142dd236c51aa01d931
- SHA256
  
  7613ac2a52c6e757328eeb046d0a3a5e2329e2de431273e97798454960b6e72d
- SHA512
  
  6e6cd0e6d147adb9d902ca534e50225027b014cd01c65b5633458c89a9938bde6dc3a00ce9827177e343037b2d60d73127f559ab8400e4fd31502928b1c0f85b
- SSDEEP
  
  1536:1nO2JEC3H0GnuZWuBsWlaPIj+FeVPpV2bIV9kcxCypj9UDetLqFD9y737/:11EIHRLuBXj+FeVPebbcxTBFLqFD9y7b
Score

1^/10
behavioral3
- Target
  
  MadisonResidents/Copying
- Size
  
  476KB
- MD5
  
  4e10cd448a7c05f03251ccefdd42c93f
- SHA1
  
  0262fb4ea5ed9acc004a55f5c96e2ec5e2821174
- SHA256
  
  2db2c8676c6dd744689499f7c769495a46cb2354e3f3c9316fd2b0c96126cb3a
- SHA512
  
  eb039a315177d09cf82d103a7fa12ef074fd1ad90aea551b568aa6715974ce6ad24245a0b4298519bb4ac506f365606a7efc55aa2d0f7878d3b57e2ba8641257
- SSDEEP
  
  12288:F4tp7LD0eKvzmJTRKEYzKa3fHM2vtWnCaBBg8cal580:qttfva93//vMCcB980
Score

1^/10
behavioral4
- Target
  
  Alberta
- Size
  
  90KB
- MD5
  
  b1df4553c6eec86e4ccfa11f24416cd4
- SHA1
  
  782b5598b0949d59a489dbb9dbeee0b7f274987e
- SHA256
  
  1cad955e565fceb378351191c664a1e4cfd7b81af3adea985b0e4b189b53ca01
- SHA512
  
  35c741b91d1dc5c491de95396216aef8d308126bfd1f6a6c54e3865509d2fc768d5356da4f5a85da54c4c5500430ff5b4aae4b75be3c50ba093ae0c057159595
- SSDEEP
  
  1536:cQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSyRXzWG:bmbi80PtCZEMnVIPPBxT/sZydTmRxZ
Score

1^/10
behavioral5
- Target
  
  Assembly
- Size
  
  139KB
- MD5
  
  86947cf6c55f7c84aee4b730d6a307d3
- SHA1
  
  aa8d1f77a4bca267414a472d8b1797b8a8befe5f
- SHA256
  
  66b2c935f7e20abc90287b80d24d80e64f5e822b597e07b46dbc75d3f47eb126
- SHA512
  
  91d1c6c9e9042078dc2fd28f7c1393d9e4670814190824c8cc5315f35e62315101a9e2846b2abfe445e4065f90028bcf0effa03feaccbca7edfebec904ed820d
- SSDEEP
  
  3072:hdgQa8Bp/LxyA3laW2UDQWf05mjccBiqXvpgF4qv+32eOyKODOSpE:TgQaE/loUDtf0accB3gBmmLsiSi
Score

1^/10
behavioral6
- Target
  
  Calculate
- Size
  
  2KB
- MD5
  
  44c39db7c82dc3fc92d1e0cb2010c68d
- SHA1
  
  99904f21e66b58e58bc2a97f1f114c84b72c5486
- SHA256
  
  b196e6c29dcbf5f1924044cfc92d0ce722ad42a0b0f39130d7788314ded9b991
- SHA512
  
  e45bffef6a0465d3a1ea4015fcef1598cac06e6a041b47108c3201a2878bf7172763fc91ed9088feabb7fc9986417a9344699ede00df3fb72f6fa435f39e98f2
Score

1^/10
behavioral7
- Target
  
  Chi
- Size
  
  131KB
- MD5
  
  a88a90692f6a949b2752803fefe9209e
- SHA1
  
  6237a1a9ce7963832454771c0ca81b080f182d56
- SHA256
  
  73be8c4b31332970102fff9c095a03a247c47d059d7d4f6dfb74b9c1cf62832d
- SHA512
  
  0868ba362c504ea3510062ee37d2ef0a789b02d8c595495df57358af22d221a3be1d8b10d182c427f82deab91b0be174474d4172c6a629bd9a47f264524188e6
- SSDEEP
  
  3072:bHS3NxrHSBRtNPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJR8C+:bHS3zcNPj0nEo3tb2j6AUkB0C+
Score

1^/10
behavioral8
- Target
  
  Documentary
- Size
  
  65KB
- MD5
  
  cd1c3df23819a4016f8895cdbe17d17a
- SHA1
  
  0d02a2db89597bbd82f99d1f1eec0a4089588d82
- SHA256
  
  22866dd6e941629db284b119b0c2c9c2134549ac91650d0c23c00e5d8dd4e283
- SHA512
  
  c07efc39b09760d5b7b77af403e5587e4f25f030720dc0cb669381c9d2a3bded0a79387b9e958ac236a568f798df24891c7f78fb80067f3bcf52c87e43108bb0
- SSDEEP
  
  1536:wAD1EsdzVXnP94SGGLpRB6M28eFvMVpYhWoXElJUzB:wg5PXPeiR6MKkjGWoUlJUN
Score

1^/10
behavioral9
- Target
  
  Earnings
- Size
  
  144KB
- MD5
  
  a72a8ffdcadc7c3c19715475e5fca1b9
- SHA1
  
  f47e8c8d8492a4c678d86c8e1eef7d0716dfd1e8
- SHA256
  
  8ef4efd18e3105fc6ffe2d8822f5cc6ea7b6e7f6b0c2489760a43bef35b93983
- SHA512
  
  7cdcddbd661e37d46b200ff11c62b0821ca46ee7b494b96dba6f59bf6543a31deceb8db0e0e9529bffe795d5e7c8cb5aae79a3a0420a4a468a53ce3de5bf3786
- SSDEEP
  
  1536:SdKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uQ:Sh6whxjgarB/5elDWy4Q
Score

1^/10
behavioral10
- Target
  
  Introductory
- Size
  
  58KB
- MD5
  
  a01580d99a6cb35ac096dbe16acc171c
- SHA1
  
  b2a630c5040e5e435d7f5d2585b247d70b203b68
- SHA256
  
  d23c312e66d4bcd338c1715c93b9ad89d969e26f8ac52f5bf266111f8f0360ee
- SHA512
  
  ccd82988dfa41c5627daad6fdf38911686da2ab628e39e3f8352fb20262eb01b0292378f6483e51e3fa4119e5f8cdc414d1a9af0c9465eb9c835f1567ea8527b
- SSDEEP
  
  1536:09PrpmESvn+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTn:0hpmESv+AqVnBypIbv18mL7
Score

1^/10
behavioral11
- Target
  
  Logos
- Size
  
  58KB
- MD5
  
  68d24a84608d1ddad6cc0b019a4ecc31
- SHA1
  
  67a8ce60a6f5701b9a4871bcd28fa9bb6648ade2
- SHA256
  
  e2e20cfa52a75126996b7a8692069170f46821868909220cea498a7c9406e344
- SHA512
  
  d7ef1291e933bf19f66cb58220c5304e102aa2307c166904ae18de48e2205521c80ddb209eab907e05cbecb52e635e9450ec18f86862f6bfcd553a1db403fa8f
- SSDEEP
  
  1536:Uo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:UNoGmROL7F1G7ho2kOb
Score

1^/10
behavioral12
- Target
  
  Mitchell
- Size
  
  129KB
- MD5
  
  8d3bacfdb435bafd3cad08470528d563
- SHA1
  
  a518b9acf4ecdb226574d97beaaca6cb10de9281
- SHA256
  
  e6b40c12c98c6c7da0fd5d71668d65b5b1df2896b0fa9cba74316e2eb761065a
- SHA512
  
  497461c768d6cf6c7d2e236b45693f893992abd309db74788b84580e91ff977fe8f779d39290afaaf36008eb351a2ce966964afb2e07820108c5ce3394099f44
- SSDEEP
  
  3072:hhfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coRC2jfTq8QLK:hhfhnvO5bLezWWt/Dd314V14ZgP0Ju
Score

1^/10
behavioral13
- Target
  
  Notify
- Size
  
  58KB
- MD5
  
  5c2fc65f2f521045dc776dd7b5250a35
- SHA1
  
  d0f09c3cc4ffeaa7a934b225268463e251d4f5bc
- SHA256
  
  e288dce21cbf3f835926798f657fc50acf8dd92375fb78948e60a41fcd9aab1a
- SHA512
  
  42d00b7a358389352834a526da1230757487426922c57c14cc578a2c0459e4c2e2e9304316b10229c98d95fa32ec2ffa74330a443554eca4850b50055702463b
- SSDEEP
  
  768:Dq6LqgaHbdMNkNDUzSLKPDvFQC7Vkr5M4INduPbOU7aI4kCD9vmPukxhSaAwuXc0:DtmgMbFuz08QuklMBNIimuzaAwuss
Score

1^/10
behavioral14
- Target
  
  Psychology
- Size
  
  50KB
- MD5
  
  53311c0f2623242ce00faec9d09e5bf2
- SHA1
  
  22de10eda1590d26761be52f695da2432467d135
- SHA256
  
  1723ff1dd63e81e126ae4ee69d699a17dd4ac15c5a26e812f7a83cb3586a5872
- SHA512
  
  d9e0bc1d0e60dcd1802476d30d5e48f2627b71d09e0ec69706f20460b132bb36c965ccb45d494451153295cd318460ecc058d7859e7215fb988295fa7491f89e
- SSDEEP
  
  768:du+XdoXSMf17+sVXnQkdFLILu8rbPDmhdimkIXqURPN2mldrfa04VQv7Qf02:E+Sh+I+FrbCyI7P4Cxi8q02
Score

1^/10
behavioral15
- Target
  
  MadisonResidents/Hormone
- Size
  
  74KB
- MD5
  
  c92bc988a5cfc13de4ca07a8b32e6e0e
- SHA1
  
  4e2786e5af46583fa39a7dbe45dca6a03827bd85
- SHA256
  
  731a9f41c657d64622c86a0894f494683380bc6ffc9896771b472c1b24424229
- SHA512
  
  969239a028d8982eadc054823dc56ea30d701a3833d5669a2f3b1d7bd4719ce8d07e2ed6528112b0c928b2b7bd681beafe00dd968a475334b4370c637e063c04
- SSDEEP
  
  1536:btPUJCXrBP6JaErLRJX4iJlU5cCQH5cNUXjNHjnJhnhYccmAH9PF:btPUqrZ6kSjo8UsH5cSXjtnJZ25PF
Score

1^/10
behavioral16
- Target
  
  MadisonResidents/Singles
- Size
  
  63KB
- MD5
  
  5468de155033f77f34587c46aedb6d65
- SHA1
  
  8d4229c084eeeb9f91a61256c5a3ede84a51b26d
- SHA256
  
  6736dd844db4a8b13144899f21be5d39e00948ecba711339ff76fb40015760e3
- SHA512
  
  17fa9e73f884d65ce4aec340e86a0b7406ca7267fe0a01dd541d66d31ec840467b9ded956d26f2f7a5f245543b51fad39aab0139bfe682f20bd39c0f439a3e02
- SSDEEP
  
  1536:K2Dntyhgx+PfdmkoWbdTs6kFO914giAv0bR:K6cmc9mkNR4DFO91Kn
Score

1^/10
behavioral17
- Target
  
  MadisonResidents/Toe
- Size
  
  95KB
- MD5
  
  e9f56e93b032d9085c505af8c252172e
- SHA1
  
  5bec58300e92cbb1fccab9747d7079ae6c7fe9ef
- SHA256
  
  38dda6b2b849aaa91eabc9b8bea32945ed53bea3f9ab76a115f744d210fa01b5
- SHA512
  
  c4734c4453ab3d351875997a0f11ac62bc4e8eca29b237e3a6c73a077d1b01a2a5796036367a947e01178a94e7f828586c664dd0667561996507678ab066c4fd
- SSDEEP
  
  1536:fUlZnYD6dFx67ztH7rpkVWfrLXLZqZsvoau//D/qCrmqXLh9ArL1hd/QK03AyJbt:fcZndy7R/nbLZqiO+CdLh9+DdJ0dyQ
Score

1^/10
behavioral18
- Target
  
  MadisonResidents/Without
- Size
  
  25KB
- MD5
  
  78787ca5d9006a73d4252930d5becae0
- SHA1
  
  6447a892a6568bf3ab48a011bf944c6d83779e17
- SHA256
  
  ae76df0e32ae02732d54096768cc47b8b583d0e71d1f67b0cb0c5fa6fd51d5c4
- SHA512
  
  52d44e6d1483a0abbe96120c424b186dd0eada558ec4766c810df2f9953cb1cc35cc04b598bb8657bf8b6369bd19adc35203ef9dca3335f10ddc542a96623114
- SSDEEP
  
  768:UL5eIT+YFVO1w63ePSGWs+00LkyWf/T6xxSTzPl:UL5fFVewCR04kdHT7Hl
Score

1^/10
behavioral19
- Target
  
  OrganizationCorrelation/Scientists
- Size
  
  85KB
- MD5
  
  63486f959da3b06d6c09728d91ebe648
- SHA1
  
  9b7f71f09254b341e2d9a10fd076fda367df83d5
- SHA256
  
  5646aaaf4713dc97b3f7b374de865141e1abb40cdb7fa0811185fc1af74e16d1
- SHA512
  
  70a54d4a5dd55c88824e613710dae5d945d598eec6fae3ad7b4a003645d6b5e413af4bfbf411074ec6694aa1b2073bebd7adefccf7d8de7007f4ca562179f5ac
- SSDEEP
  
  1536:8NKUN0pLy8FZkiy8vwuttwB/nTPrx+8jwyvmxNRWIKXzOhiLTRm:c/0pG8XkiHxg/Px+WwyvmXRWIASoXRm
Score

1^/10
behavioral20
- Target
  
  OrganizationCorrelation/Us
- Size
  
  64KB
- MD5
  
  f0343a1abd72fcbc1d198e6cedbb9871
- SHA1
  
  57ce27905eaa06a886bbc00cc91f10c5522e1f27
- SHA256
  
  e91e5b2155b90483e2214589db2a97ebe63da03ee692c71e5e5492e55a0b7ea1
- SHA512
  
  74d15bee4c6c78f51ceb1145a1fde01beb420b9d9d2be1ec0e0dec6644a88330879cf2c092ba08aff10523cc5b59d53354975539bbe24bc40872dc2d1a5bef5e
- SSDEEP
  
  1536:An8hzOgRtb2XMGf6V+MlaZ/0sh59d3/CfAaPaB/TykalGGDlPAbCbQ:AYOctbhQh/d6fAMaB2bcgAbIQ
Score

1^/10
behavioral21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Executes dropped EXE

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21