lumma | 078898cf626e80ac8dfa8e11f62731d0da3557691cbd8ce4bf27bcaf71f36e45

Sharing

Copy URL

Twitter E-mail

General

Target

Bootstrapper.exe
Size

250.0MB
Sample

250128-vj9fysvqcx
MD5

5ddc96131a4fa050ed3c6e04f67ddae7
SHA1

82ded800588cfbeb33fe6695959aff66dd1edcdd
SHA256

078898cf626e80ac8dfa8e11f62731d0da3557691cbd8ce4bf27bcaf71f36e45
SHA512

570c1a3fcd0dcdc4c8241d5f7dab781a6b7acefba2e921b58a7a53a33d9e8fa613ce74c1c515f2604aec062f101e649e498f2cef0b3ff9c5b203b1c39d823e52
SSDEEP

24576:SGNzMuKIRynzVp0bPWcrusxT0h1fXMnd+mKpUj:VM+ED0b+6uqTOXMnd+Rpg

Score

10^/10

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  250.0MB
- MD5
  
  5ddc96131a4fa050ed3c6e04f67ddae7
- SHA1
  
  82ded800588cfbeb33fe6695959aff66dd1edcdd
- SHA256
  
  078898cf626e80ac8dfa8e11f62731d0da3557691cbd8ce4bf27bcaf71f36e45
- SHA512
  
  570c1a3fcd0dcdc4c8241d5f7dab781a6b7acefba2e921b58a7a53a33d9e8fa613ce74c1c515f2604aec062f101e649e498f2cef0b3ff9c5b203b1c39d823e52
- SSDEEP
  
  24576:SGNzMuKIRynzVp0bPWcrusxT0h1fXMnd+mKpUj:VM+ED0b+6uqTOXMnd+Rpg
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $TEMP/Grass
- Size
  
  71KB
- MD5
  
  ada59761b1e7e24fc5d82a8d86b2c0fb
- SHA1
  
  2ff93f9c77edf53a994876a1526c8c042c24cdae
- SHA256
  
  bb4ec0fbe1f5e92e4d1b389119685d766c89722304525aa554bafdc2d04da778
- SHA512
  
  429d928fc8336c7e38767b2cd336cf3b493c43b89ee9f39ceacb617490e00a730e0c9acf5340d940a6d02f5579c785df4c6001009527ab85183041154430fba6
- SSDEEP
  
  1536:FllaphHJsUhBq2isDq7jXtJqBvyYwPauV2Rb2PEa7cs+n:FllaLJsUq2isuPdJqB6LauVUb2PEa7cR
Score

1^/10
behavioral3 behavioral4
- Target
  
  $TEMP/Rape
- Size
  
  80KB
- MD5
  
  da60afd0e7846475eb467a411c9d93e3
- SHA1
  
  30b04a96b1af7da59e37ae1a0be7438c8593259d
- SHA256
  
  7676d619230abd2a2ec536953ef7e14a659fa053fe84edc2e15cc65620f0c8c4
- SHA512
  
  0081a63e70ed1f268468ea0ff48e051c9777b8666d9c401d028d248940ab1e1bba6142a844afbbb4325d76757ba10f7ddf802c06e84eece1773a35553280b432
- SSDEEP
  
  1536:d4yEpYJ2Ec5VyRKG0Gf4RKcwHeAk1lhqcnVWQE82O3vY5NpfnzQQTzB:d4JFN/AKCARKGThqcngfNO3QLpfU2N
Score

1^/10
behavioral5 behavioral6
- Target
  
  $TEMP/Soldier
- Size
  
  30KB
- MD5
  
  9b93917559bc9b0c222e0786dafbf76f
- SHA1
  
  2b3f3278e3444988c2332a4af4d2ddb9991aee5e
- SHA256
  
  d0e7e1b0847f8ecbedfa44d1536b1499e5c80df10c3c83e216c0475445e34572
- SHA512
  
  e7b3fbf3103ce0e0440f85b6fc90e3f8c14a71cc4b20357c91c1fde5d9197005a9235ed1bf51a1f2d72f594d6d4594e3e859b25a650012de9c66ee6f15ceae7c
- SSDEEP
  
  768:GffFogjRbUd9AkaYTdiVLH7OphoV6Zs4G1Dx/CjEVy43mKWbxyDWlUumh0Z:Y9tbUd9AumSLoShG1DwEVy44bllVma
Score

1^/10
behavioral7 behavioral8
- Target
  
  EngagingEntities/Blue
- Size
  
  77KB
- MD5
  
  69cef765fd888bf92d8fe00d5939503f
- SHA1
  
  3a3b162245f0b6e145a33056b753f365c0d2f962
- SHA256
  
  62c493a3f99320021b2c243c1031b4f544fd839dcc5779f75127b8c718468292
- SHA512
  
  2a1308618c299fe16e9818b0e37843321ba8979844b22f5cfec2d7a5b4abf22b5e4e706db100e35c7ff61c32b0d9650caf5c5caa7a89869d8be14d062177ee14
- SSDEEP
  
  1536:Lpkmvn19x9g9R6Ep7D1aOdvFISaP9+Ksadj19EF0zkmFdWhk4bEh4amu/W:1V9gR60D1HtISaP9yEXEFfIWK4bdafe
Score

1^/10
behavioral10 behavioral9
- Target
  
  EngagingEntities/Mcdonald
- Size
  
  77KB
- MD5
  
  ca700ead25ff1da0f3d15b3d4f03d625
- SHA1
  
  81ea4585cfafb905c4651019e3dbff36cfb775d2
- SHA256
  
  8cb81f9d5f389af49c624740ecf5bd523b9ec52fd95f4d1969f27355ffe616d2
- SHA512
  
  27086627d9ecf16e3c5e42c510fe0906d54d7c306abba6a89f1f97bc7f2f12f8d1e6b3cff2e869d672495ba4cd76e00bebac44179e74a406157e9d4ff36bf533
- SSDEEP
  
  1536:8NEgxnWn5B/ss7HlU6dNynk1du0cSlnyrnbyBt93:8XQvsbLMncUqyBt93
Score

1^/10
behavioral11 behavioral12
- Target
  
  PotatoBlonde/Achieve
- Size
  
  87KB
- MD5
  
  6b4b3d1f08334eb101b77825c2e69a0f
- SHA1
  
  5ed3cd04f8c243329e0c1df244b5557e13b9a195
- SHA256
  
  0cc867c5cc3820b661715316fc7f9cc81a3aa0633636591ad625976a7546cbd4
- SHA512
  
  c1603a50fb6967af91407a849d57d0f4816f330b6f822c85bc77a84c1a18a7197c19ce490d236bafede117c26d72a8c6144c142ddfb9661d546a596ab3bb982c
- SSDEEP
  
  1536:Ko5L4G0MhE7tQO4shY0/trjF+OhYZm+YUswsTfFPU3yWDIEv2sVTjMrx9pQftUkm:jeMhWtf1djmZmXUqfeDPv2s2x9pGUkbS
Score

1^/10
behavioral13 behavioral14
- Target
  
  PushUpdate/All
- Size
  
  93KB
- MD5
  
  6c8bc112df167396aebb49ea6e22f7b4
- SHA1
  
  747ae9e043ac1c383a54053f4035231ed233d040
- SHA256
  
  2c1fc99f7b576b4882e4f01d22acdf1bda4dbccb91f3fdd8c09cf39c2f2af54b
- SHA512
  
  376fd2b86b2a1729d8150e2dbb040d2ca84a4619b75944d10749a3c1df089e565ec4cc5021785c34baa243ff2a8b57cd63967d3c414ec08552e33032bfe22ccd
- SSDEEP
  
  1536:Ll+H5uIczcgUbSUeA5sdMwxtSM6X5yO/KEZj6Zl4rlC8HQhq9u0bLAr0DE3dJz1l:R+8IczUea58CM6x3Zj0SbHQArbsr0DQr
Score

1^/10
behavioral15 behavioral16
- Target
  
  PushUpdate/Marriott
- Size
  
  477KB
- MD5
  
  52c85a3d9b4754d17283c58a62ee8e3e
- SHA1
  
  aac7f37b3ecced2acacfdf40b1a1e47e0b45183b
- SHA256
  
  38ff935f856d0f54ccaf8c01d5419dbc01239f5bc237b6e67c5eace70b766feb
- SHA512
  
  3e2fe806494844f9e53a0f1d5d4b777ca159a35e7c79612aea33661ef5049a35c13e904ea8710f904e3381e13022dc9b07ba47d223279dde671ee97570361dbb
- SSDEEP
  
  6144:PS9n4NsSgV8KeKca1vjRcpIEF5QL7y/cThpkc5dF8r++ZjU5PGEFvUV3/uh/ZXoq:/sXCocOIF2ocThjTg8PGOE/cNaa0+3SA
Score

1^/10
behavioral17 behavioral18
- Target
  
  Bare
- Size
  
  107KB
- MD5
  
  e764237ece1583e546938d1f422e80fa
- SHA1
  
  b8cf83ade7e9a4c6bdbde6d87bcc5c81b861ad67
- SHA256
  
  c8366f16c835d58d9ef9b923c1f7654ba366605803080ba4a31e6d964403f163
- SHA512
  
  62a3d679507ea306ddd3965008c7a685198f057a6ec4def4c28e6aafe610901f5acaa14b86ba00f2c51e31eed8f8c18db168cb9a8f4fddc968f738b62c475b80
- SSDEEP
  
  3072:x5mjccBiqXvpgF4qv+32eOyKODOSpQSAU4Cn:xaccB3gBmmLsiS+SAhCn
Score

1^/10
behavioral19 behavioral20
- Target
  
  Collaboration
- Size
  
  99KB
- MD5
  
  75c9533f649fc53f15fe66ad1e660837
- SHA1
  
  230640e4a5f5d11e34f93ab9268c5f2f434cf904
- SHA256
  
  7ebaf5353216d2b73bd4f9a6051a6bf6be84dadee78d99f116fa3b5ca50e9be6
- SHA512
  
  0895875b762795ece7c6682cf4055b67860c5464d56221db5754c67a2d29d7061f624e86613cb253a2f07bb5405e9454679a30f27b0a0859550d587a65cce6ee
- SSDEEP
  
  1536:35el3EYrDWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:35elDWy4ZNoGmROL7F1G7ho2kOb
Score

1^/10
behavioral21 behavioral22
- Target
  
  Costumes
- Size
  
  135KB
- MD5
  
  3e6ac35562b5e256ac96255b65d73dc8
- SHA1
  
  7b75834345ab18fc06238425422081659f609dc2
- SHA256
  
  763d432416f8fa79a907904f2a118b4dd13b6b20d173564398bc430d4c3ae15e
- SHA512
  
  4fd0deb65ef349496432ed3b95f1ceeae41e10880a283b63a01eca62cac406afc496cdf17b60b0c8915f010149906f4aa5eeb89dd3aea0ace1fe15c8001d8f0e
- SSDEEP
  
  3072:zoRC2jfTq8QLeAg0Fuz08XvBNbjaAtsPn:U0JaAOz04phdyP
Score

1^/10
behavioral23 behavioral24
- Target
  
  Happens
- Size
  
  65KB
- MD5
  
  0dde3c7228dba2b77766f9a8fa8c3b8e
- SHA1
  
  8538a5646283374c9249048033227f5e78d13496
- SHA256
  
  341acf8c01839083d72f47bea36d026a8ba2e2cf73703582d1c7dc1918e89e9b
- SHA512
  
  5f6abf298608321e493d14ba320140e0f43f96dd338877f10717c869deddef6b02d00d3929db5ba7637a3cc37cac9904032c685ac325ae7db413c8d9177e6e5d
- SSDEEP
  
  1536:X1/AD1EsdzVXnP94SGGLpRB6M28eFvMVpYhWoXElJUV:XZg5PXPeiR6MKkjGWoUlJUV
Score

1^/10
behavioral25 behavioral26
- Target
  
  Hull
- Size
  
  67KB
- MD5
  
  52bf5b80ff9b4153ddc294a6d7ea7ea9
- SHA1
  
  0d49562bbf835317350d2c5e1e3992d4c7963c1e
- SHA256
  
  c7c0fcf2a92b4da6aa9b1a9cf47792982858b1e59d317a6a4e1fec821ad346ca
- SHA512
  
  020cab9b98389ffe0da1b129d82b075d0198bab6554cc61756a8da6f3ff11fd5fdbf2cb5bf55ba12eeae4a977858beebc16bf8c2d90f102ba84663a250e2666a
- SSDEEP
  
  1536:1dlDfFgQa8BpDzdZPp7HE+tKA3QkvyNf7Xw2U0pkzUWBh2zGc/xR:1dgQa8Bp/LxyA3laW2UDQWfY
Score

1^/10
behavioral27 behavioral28
- Target
  
  Months
- Size
  
  136KB
- MD5
  
  4cdf3e57d3d57e973cca232bacb9a4b7
- SHA1
  
  20daf5a36abe40beafbf17a974754413331095d1
- SHA256
  
  59fd8c96ea34e60c3ba49b9912748f8106625858bbfdbcf68d0943153a54cc7d
- SHA512
  
  08fd4833009f0f76e6c7173861743c81c57e86c54369e428d89d776c7eb843c52e854270acdfe3bb61afe2d6b5bbb8a32af5487c72a346cddb727267e6cfc4b1
- SSDEEP
  
  3072:E0Imbi80PtCZEMnVIPPBxT/sZydTmRxlHS3NxrHSBRtY:lbfSCOMVIPPL/sZ7HS3zcY
Score

1^/10
behavioral29 behavioral30
- Target
  
  Particles
- Size
  
  80KB
- MD5
  
  9332a8e5d5a1f8fe99ac9de9b71546b0
- SHA1
  
  5799e7b5424f4768c18ba72319886f64f4836ad6
- SHA256
  
  11de444a146e62366fd2864722a3af8e8a62359c2428925dfefd12f363112803
- SHA512
  
  7a801916d043547c333111181cdd6e7da46bd64716bd19bc97e550106aa11eb10f7ed1e46701ae0b1e60fa4747875b3d615e8201705100ec941af12988f54380
- SSDEEP
  
  768:EGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R:dKaj6iTcPAsAhxjgarB
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32