lumma | b7f2ab5eb7881baa91f5bc72ade2544cedfec11c6a9d74b8ed64c9cd59065268 | Triage

Sharing

General

Target

Вoostrapper.zip
Size

44.2MB
Sample

250226-p4gc1szqz8
MD5

46cab0e88bdb46ec1c0aaf4656779b04
SHA1

96293687815e38c6791252cbc4a1a631e588bbef
SHA256

b7f2ab5eb7881baa91f5bc72ade2544cedfec11c6a9d74b8ed64c9cd59065268
SHA512

d8d858328280ca0d9e794ac6d825e4584de9a1503ee2aceab1bca21ea433976847a1962c83bdea4da0fb5411407ca00719b6ff09e7c204d0404930db5692dcf0
SSDEEP

786432:n7Dvrvgt+HHEzyVWWQiLejAafLyhkVG4jSoo9CmWiqI9T9nW1wYgogYx4:nPeeVWcLe8WyhkFjSooLWGJ9nWyYgo5W

Score

10^/10

lumma discovery spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://uprootquincju.shop/api

Targets

- Target
  
  Вoostrapper.zip
- Size
  
  44.2MB
- MD5
  
  46cab0e88bdb46ec1c0aaf4656779b04
- SHA1
  
  96293687815e38c6791252cbc4a1a631e588bbef
- SHA256
  
  b7f2ab5eb7881baa91f5bc72ade2544cedfec11c6a9d74b8ed64c9cd59065268
- SHA512
  
  d8d858328280ca0d9e794ac6d825e4584de9a1503ee2aceab1bca21ea433976847a1962c83bdea4da0fb5411407ca00719b6ff09e7c204d0404930db5692dcf0
- SSDEEP
  
  786432:n7Dvrvgt+HHEzyVWWQiLejAafLyhkVG4jSoo9CmWiqI9T9nW1wYgogYx4:nPeeVWcLe8WyhkFjSooLWGJ9nWyYgo5W
Score

1^/10
behavioral1 behavioral2
- Target
  
  Boostrapper.zip
- Size
  
  44.2MB
- MD5
  
  38194139f5f75a6750c2d01bdcb12a73
- SHA1
  
  276d3710ae933e8e0672d9b8e24a6b5ec466a2c2
- SHA256
  
  441f54e57804c6abedcc2c04d1f60c2c76986b8196c4206ac5c43631a7028a1e
- SHA512
  
  aae15e52fae0cd8d87c813a614f717757a9a97fa16e1e106ccdd536f1526883665ddaca8acb6fc96b27413f86a80d06a082a97d792595f0be0f56266b423b9e4
- SSDEEP
  
  786432:Al043yes3+AVECqX8fUUdI2rkXvq5V6aTkmPEz3xed6K0NB3I9Aiw37Uy5XROGrp:943/s3g8i2rkX2V/QPdedKNB49Ais7Rl
Score

1^/10
behavioral3 behavioral4
- Target
  
  Boostrapper/Bootsrtapper.exe
- Size
  
  1.1MB
- MD5
  
  ca2a0e430407258e8293584dd7aa889a
- SHA1
  
  ab6a3c2ac83fd354a92bc466b657ee42a160b164
- SHA256
  
  f8ec87a5176d6f595e323d2a71dec3f81ecf8a59209aca5acffd2f4cf175b145
- SHA512
  
  332c7a871f4b5d737b22521d0ec7ba0b5b784bcb0ce0ad3f33958748774f144f350e7c474e842646baecc78702a356959eca4a8f7d9a51449414cb4e52159bfc
- SSDEEP
  
  24576:USZk3bBphz4+faR3lMdn9hMGJGuG6pUO45hB8AyD3VsfyWE:edphz4+fsa9hMGJGH6+O4Ng3jWE
Score

10^/10

lumma discovery stealer spyware
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  Boostrapper/Web.UI.View/af.pak
- Size
  
  327KB
- MD5
  
  c9312ff081e600e5fb4483b46ddd7c23
- SHA1
  
  1ff05a6a06cc73caf2d7545a3821d90c228ac0af
- SHA256
  
  b1987cdcbb8d76598422aa1739a246ed6690dc1b211f950fcbf2f040491ed7a8
- SHA512
  
  20c136b44770aa0e06259687656675a3e14310ea4e8ba214726b216bc1bcad6026267bf0132cbca642c0b5c49293386d0a1bd93ba40e1c33b648ae70416e8898
- SSDEEP
  
  6144:ZP+kgc+kVWlEvC9Z5D49Em7kLjB6oAYxjYgDbwxesB+xSK1IA3y25tHwDwv22iGe:ZPfclEvC2im4LjB6oAYxjYgDbwAVSK16
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Boostrapper/Web.UI.View/am.pak
- Size
  
  531KB
- MD5
  
  e8bac983607c5432f789afdacdda42ac
- SHA1
  
  95c26f47f7102be338263fd7f7e365632651f22e
- SHA256
  
  ee363b88697a26d486c77bbf05f5f7f62d4b40c235e1d85e11448083070576f7
- SHA512
  
  5e26f40c8dc088d21b9b6a01041ece3bd4b2899ee33fdd85be995545c7a24860fdc9c672da8c9345a08891e0bac04ccf4d65de543f4cfba0bab0ae3fb32354c7
- SSDEEP
  
  12288:GguzxX8xfzKsEYg95z9SBeuUPQvx30jH8+I:GX8xfzKnYg95z9SBoPQr
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Boostrapper/Web.UI.View/ar.pak
- Size
  
  574KB
- MD5
  
  d1d99f4f2045531edc47d37a367402bd
- SHA1
  
  825385e524ece779c641a4ce2a57d14ff126d509
- SHA256
  
  bfa2a3c3ebb3c6afbca42cb70b4da8f997068d511cf40ee8a952a893b8f9d7cd
- SHA512
  
  4255b02c19ed373d711068a2d4639d462372071cc2aadb6afce459d9fe19bda21ffcbf1604e4937617cd5fee996f9b3786be1c2bed4dc4919d849c7a988a6ac0
- SSDEEP
  
  12288:el2RFtqr0jXjiRp8DvYUBuSYRrA5SNbr+ATg8Y3MgSEN6h:m2Ru1fRk52+M
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Boostrapper/Web.UI.View/bg.pak
- Size
  
  608KB
- MD5
  
  96372403a9ded96f3a699262029a4580
- SHA1
  
  07069b20fe303f6eef1fb6c8c0a19266a0c705c9
- SHA256
  
  6c10b64d31e0dc2c4befc6703ac17343ca473b4350cfb3c6e01833f505b69590
- SHA512
  
  0df60fe13818f0c3c6838e77686c5de9fa03b97cbf0943f7a2a4ae2f3a0890d3d64b3a7652d8c81c23de876ac92e4c6b71d584fb106c3520c96ef76ba30250fd
- SSDEEP
  
  12288:dPnB1xlYrdAs1alUDpzaVVwsl867mFyY3SKN3rsbDxXs7Jfu64KGzrFSZp8VqJ5O:dvBjlYrdAs1alUFTsWoY3SKIVcdu6pGB
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Boostrapper/Web.UI.View/bn.pak
- Size
  
  780KB
- MD5
  
  cb203032925be270222dc2c20fe771e2
- SHA1
  
  2f2f20bbbd07ee01cc996247bd9c2f40037dff80
- SHA256
  
  297d52b252df0912490ddf26fa58706895e70c2a0f3f09d0dc756706720095ef
- SHA512
  
  052be75c51051949c84216566b462733b61026ba74e212b000cbed7d93cb852e74ae83d64d2eaadc3093af4265b6783184cf8e0368a75e077d4b75daba40f9b4
- SSDEEP
  
  3072:Kw+ZjJj+E7z0eC6HcvR1kgBbdawSU5ZwXll4:4tJXZ78vRNBbdz5ily
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Boostrapper/Web.UI.View/locales/af.pak
- Size
  
  327KB
- MD5
  
  c9312ff081e600e5fb4483b46ddd7c23
- SHA1
  
  1ff05a6a06cc73caf2d7545a3821d90c228ac0af
- SHA256
  
  b1987cdcbb8d76598422aa1739a246ed6690dc1b211f950fcbf2f040491ed7a8
- SHA512
  
  20c136b44770aa0e06259687656675a3e14310ea4e8ba214726b216bc1bcad6026267bf0132cbca642c0b5c49293386d0a1bd93ba40e1c33b648ae70416e8898
- SSDEEP
  
  6144:ZP+kgc+kVWlEvC9Z5D49Em7kLjB6oAYxjYgDbwxesB+xSK1IA3y25tHwDwv22iGe:ZPfclEvC2im4LjB6oAYxjYgDbwAVSK16
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Boostrapper/Web.UI.View/locales/am.pak
- Size
  
  531KB
- MD5
  
  e8bac983607c5432f789afdacdda42ac
- SHA1
  
  95c26f47f7102be338263fd7f7e365632651f22e
- SHA256
  
  ee363b88697a26d486c77bbf05f5f7f62d4b40c235e1d85e11448083070576f7
- SHA512
  
  5e26f40c8dc088d21b9b6a01041ece3bd4b2899ee33fdd85be995545c7a24860fdc9c672da8c9345a08891e0bac04ccf4d65de543f4cfba0bab0ae3fb32354c7
- SSDEEP
  
  12288:GguzxX8xfzKsEYg95z9SBeuUPQvx30jH8+I:GX8xfzKnYg95z9SBoPQr
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Boostrapper/Web.UI.View/locales/ar.pak
- Size
  
  574KB
- MD5
  
  d1d99f4f2045531edc47d37a367402bd
- SHA1
  
  825385e524ece779c641a4ce2a57d14ff126d509
- SHA256
  
  bfa2a3c3ebb3c6afbca42cb70b4da8f997068d511cf40ee8a952a893b8f9d7cd
- SHA512
  
  4255b02c19ed373d711068a2d4639d462372071cc2aadb6afce459d9fe19bda21ffcbf1604e4937617cd5fee996f9b3786be1c2bed4dc4919d849c7a988a6ac0
- SSDEEP
  
  12288:el2RFtqr0jXjiRp8DvYUBuSYRrA5SNbr+ATg8Y3MgSEN6h:m2Ru1fRk52+M
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Boostrapper/Web.UI.View/locales/bg.pak
- Size
  
  608KB
- MD5
  
  96372403a9ded96f3a699262029a4580
- SHA1
  
  07069b20fe303f6eef1fb6c8c0a19266a0c705c9
- SHA256
  
  6c10b64d31e0dc2c4befc6703ac17343ca473b4350cfb3c6e01833f505b69590
- SHA512
  
  0df60fe13818f0c3c6838e77686c5de9fa03b97cbf0943f7a2a4ae2f3a0890d3d64b3a7652d8c81c23de876ac92e4c6b71d584fb106c3520c96ef76ba30250fd
- SSDEEP
  
  12288:dPnB1xlYrdAs1alUDpzaVVwsl867mFyY3SKN3rsbDxXs7Jfu64KGzrFSZp8VqJ5O:dvBjlYrdAs1alUFTsWoY3SKIVcdu6pGB
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Boostrapper/Web.UI.View/locales/bn.pak
- Size
  
  780KB
- MD5
  
  cb203032925be270222dc2c20fe771e2
- SHA1
  
  2f2f20bbbd07ee01cc996247bd9c2f40037dff80
- SHA256
  
  297d52b252df0912490ddf26fa58706895e70c2a0f3f09d0dc756706720095ef
- SHA512
  
  052be75c51051949c84216566b462733b61026ba74e212b000cbed7d93cb852e74ae83d64d2eaadc3093af4265b6783184cf8e0368a75e077d4b75daba40f9b4
- SSDEEP
  
  3072:Kw+ZjJj+E7z0eC6HcvR1kgBbdawSU5ZwXll4:4tJXZ78vRNBbdz5ily
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Boostrapper/Web.UI.View/locales/es-419.pak
- Size
  
  366KB
- MD5
  
  13c6d0a268545541f325375d431b41ae
- SHA1
  
  5f5c41348f00c5e5539d261c2b76ae6e3ec7af83
- SHA256
  
  943fa8774ade38d57349a5d27869097a782bc06bd34c40864a85ba829457d127
- SHA512
  
  09cbb2b21304ca8afa8b760b738adb5422e83550085f1aed8e8590eeef04a2b0e131e1ead6723c3e85383630c483d7720e55f71305ff4821d7822fe6d7aa4252
- SSDEEP
  
  3072:rt+uPUzEx0HrKJBjQMU0dmdv5jrqMCOyu0sdzPh7buhwwJ3Os57lLfGLFg3WSszj:rt+o+I0H6nUxv5rYQQJH5sLFg3WSsTG6
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Boostrapper/Web.UI.View/locales/es.pak
- Size
  
  367KB
- MD5
  
  c8086dc25cf0a3c978b2c3b37edf8d67
- SHA1
  
  7b6d2ce8b3cc5a33ab2bcd23114fe65ccc568e7a
- SHA256
  
  11ef2c0229c1fe1c10be08e3d5f36c973bc3c272f37b40e05c534a118757461b
- SHA512
  
  230e6999a6fea1df3b2708eb331a2c25ca53677b3453745ff9cc7fbbc013b69148af5609166720255a2db7e63b25e2d0c599fb07057a6b47bf61f63ea9db9e01
- SSDEEP
  
  6144:OYkS2J1Bc2UoWCfgfr56ZLb5R7q5zrB7bUlo4AN6PZmz:OYl2XWn5r0pFRm5zreloXnz
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Boostrapper/Web.UI.View/locales/et.pak
- Size
  
  330KB
- MD5
  
  054865950b3b9e8312a7f9490268eaca
- SHA1
  
  28b0176112eddb7af58386b4f8aed4a49b9a2661
- SHA256
  
  3599e7138a24a31839da877cc9718b9c0c9522437ea93a6222a119080f108d14
- SHA512
  
  bfc72f19ad1a52c0da82409accb33a27b2844ed29010207268c7d695ad7562a8867a87b70ac50142909b50b81a5c84d6f6a43968353ae7a72bc042aea8cbb59f
- SSDEEP
  
  6144:GPJXg42WkHwGkDmzZpDM0djry2zuJbT/RcLvihV15Ujc43ceLfLPQu:6JuvymrDbWF15Ujf
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

lummadiscoverystealer

behavioral6

lummadiscoveryspywarestealer

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32