lumma | 08b3baa037ff1ef979544f921e7e4f023bb649c04e7aa929b2e4328cc5ac1138

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.7z
Size

117.6MB
Sample

240628-d3stwa1hmm
MD5

83811f7688761d304f868161fca48ae1
SHA1

9d1bd166e0d30cd8ae443a813f4a151a5954de71
SHA256

08b3baa037ff1ef979544f921e7e4f023bb649c04e7aa929b2e4328cc5ac1138
SHA512

306cfbb0532259d5ca13dd7ea74cc45b3a563f47cbef2943f3a25d1b8eda6f5215c6215e67e97d6a172b5bf7a2df9d270e1a1bd2628980002aa0aaf844282db0
SSDEEP

3145728:iRRn8c2X/2DVYm/1gbLkc003tc2QjeDMRQDa:il/2P2Wbr003CeDeB

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://harmfullyelobardek.shop/api

Targets

- Target
  
  DAC/bin/es/Microsoft.Data.Tools.Utilities.resources.dll
- Size
  
  31KB
- MD5
  
  7c565c5568c4df2767df6917e58684b4
- SHA1
  
  2b8806a667499c7f15ac5ab778cb78a0f6e2816f
- SHA256
  
  05f62b735637183cab4e5d0e13e166e4963d6d5b253c337ab87cadd7e5aa3766
- SHA512
  
  89b2de8ae66018c43f8f804aaaa4fdc8e29d80a68280d3ea803f93541c201b7b1ff44a7d949d47a73b956fa7c31ae683affc3bd7d1322fe43318072655721dc5
- SSDEEP
  
  768:4IxJyy76bjCDfw/TBr8xTgY/TB2GvNcKg4/7Cqb6FjXHUGX:ngrcNcj4/7C26FrHUGX
Score

1^/10
behavioral1 behavioral2
- Target
  
  DAC/bin/es/Microsoft.SqlServer.Dac.resources.dll
- Size
  
  17KB
- MD5
  
  702dd90cf31a5732778fb9e8feaf0a31
- SHA1
  
  9a6b82d7967218b1938eecc5d4c42977c3c0064e
- SHA256
  
  e0d42954a9f8888837ce9853573a5ff8480af82fba84463e0cc1040b09807a7c
- SHA512
  
  77aa94b71b520585e73f19b841d651716b818cba8770269df265477a28ef7528c0a8689259dbf31aa6c0e26f1999d0be29fc4d1ab800603485f08fbeac8fe509
- SSDEEP
  
  192:XeA25rX2/QAFPVSFJrUyh4Oi5KxQ5ZWahoWZQKPnEtm3EFxJhjeyveC/OeM:X01wQwrhO0QQ5ZWahoWZLb6Fjpv
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  DAC/bin/es/SqlPackage.resources.dll
- Size
  
  23KB
- MD5
  
  31fe109eb7acc3e5055e2c31899df910
- SHA1
  
  c3fb74351fa8c2a358341be760fd2d70b945f3b4
- SHA256
  
  4aec9039b33d7d5c15c46cd50d416dda64fbc0c94702ea180f8ab2716104a913
- SHA512
  
  c4fbbf40027f217eb7182b85ec051c397ddb5e4b7563027224d5d60660a2b10a4a3559712dd0ef21f0432ad79cafef393811a4778f2137803b19c7d70aadce6c
- SSDEEP
  
  384:nMrwPwz32AFVzx1wl99Bld+MosGuZWeZ8W9Lb6FjXHUQRD:Co8hhzw9Tonu/Xb6FjXHUS
Score

1^/10
behavioral5 behavioral6
- Target
  
  DAC/bin/fr/DacUnpack.Resources.dll
- Size
  
  153KB
- MD5
  
  335dc82d727abdce114bcf090bcded1c
- SHA1
  
  166dd08e4de4b1c238e8827c5fb30784b6dbfb19
- SHA256
  
  37900233a1f49c0ecb83be93b3c38f261e9318bd1dbaa673fdcb1257074ab749
- SHA512
  
  6d5edf08abf56b19b3d45102759c278c073de9e9840dbe61354d28d14ef0ffb444b12afad859789d0f73a6c5d674eb94da86131054c483ad55db5b3d8df27549
- SSDEEP
  
  1536:XxpNooFyAJWnPhC+V2McFkpHgTqmAIWkdp58f:XxFHWnPhC+VYOudp58f
Score

1^/10
behavioral7 behavioral8
- Target
  
  DAC/bin/fr/Microsoft.Data.Tools.Schema.Sql.resources.dll
- Size
  
  1.2MB
- MD5
  
  08aea77a547f418b126beb2cbe6e83f3
- SHA1
  
  32034ed7fef24f0e8a8a26aa23363250893942d7
- SHA256
  
  44699cd41e8e1b46cb964e39ab80ca169b8c5411b0baa40f8fb7b1aa8003d810
- SHA512
  
  07ccd46de2db4ca92c1bc42399611f443f907c24b39c6c18c89bf1df4f0c6ef9775183d682511c4cd77782c0ba93396a1a9f5a7becbec5f5af86c3c16ddcd298
- SSDEEP
  
  6144:jGG2HvMaOYCZWj2tx+yxgc3shLbl9txmyawSan2q/8EvW+P7dOok6YDX2fWyJQtK:n2HvcZ9Hr2F+E
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  DAC/bin/fr/Microsoft.Data.Tools.Utilities.resources.dll
- Size
  
  31KB
- MD5
  
  30ab6ae3dfae390bd6247451f6697a82
- SHA1
  
  57be38d8f1be04babd8cf0fb3c97cd2a04c004b2
- SHA256
  
  d5da1976a56e09780e70648f8f63ce7d1434dd16d72c851629e54f494858d7de
- SHA512
  
  42e16091e94169c7bdab32c8a45c75f755d5e6c2c6613e8f011d9cb3aaefc312e8ff50bdeae18353c45741940fb178ca83731cefe1a17bd55413a2dc42196f73
- SSDEEP
  
  768:WcUwcIxJyoBvdyxHlnXbLYtNvVZIYNJDVYzmMgVdQDac67/oIEEX4EUnSz9dJEwB:WcUwrgxznmMgHQDac67/oIEEX4EUnM9V
Score

1^/10
behavioral11 behavioral12
- Target
  
  DAC/bin/fr/Microsoft.SqlServer.Dac.resources.dll
- Size
  
  18KB
- MD5
  
  d20dbf784a37189b75bd05d8e7625790
- SHA1
  
  eea40ccb14ee8df15169c21b8044a16b686fc377
- SHA256
  
  235ed6d18adfdabc7ca5f1ef625f483fe0f7f6737e168a9d6a6b76840a2457ba
- SHA512
  
  d2574857638b303b8ab414649ff69dc6409bbfc7f016ab0f5c96f0f7700b79f618bb1f92c2aa7a5b6ffcec626bb26247776b6577fb4055df3793565e39e7c1e7
- SSDEEP
  
  384:RCs1stIi2IA9J97wUuQ21p2YG5/ca2yy5Bul15XM3a5dWbOoW+Lb6Fjpvfe:+2iBA9JddKp2YG5/caby5Ul15XM3a5X
Score

1^/10
behavioral13 behavioral14
- Target
  
  DAC/bin/fr/SqlPackage.resources.dll
- Size
  
  23KB
- MD5
  
  4a1bdcb903cd29e12f2b50ee6779ea19
- SHA1
  
  5073292a2a97d4ca3f0cba4f826175c8f63178c8
- SHA256
  
  6e450ff5f4ac3ddbb1148555fa057982ad4b9c168d7247132bd7c50b98c5a013
- SHA512
  
  a021667fe2db0654e6cb1d4ae01b4b792f960aefafda7816052a89ad92e07d4cf3080fd2fee31534999fa6a21df14830e28ef6ee16ab95973bee68786b43b8df
- SSDEEP
  
  384:OMK0zz39dQzNuc1MG52bcoYMi+iXUciEfB52fNbU1wl7+Gibl2GMly7kT9S14IcK:Bzz39uzNR1MGIbjYMZ4XiEfBIfJuwqbt
Score

1^/10
behavioral15 behavioral16
- Target
  
  DAC/bin/it/DacUnpack.Resources.dll
- Size
  
  153KB
- MD5
  
  8eb108cb899f91a7719e57251fa20b0e
- SHA1
  
  1daf818a148c215cdf20a4d884573bd30cc7fc6a
- SHA256
  
  a06d7b32cd9df7c6c8bde43bf36198488de046393e63421a04dfb530dab5d151
- SHA512
  
  77cc8aa6367a9720e3b527f32f06abff0fcce78275a63a96ba3ac2b11f595c403898a05656cffc14eae585d6701d7a395bfa6db8a8c643bcb69269d6b727cf07
- SSDEEP
  
  1536:fh1MtooFyAJWnPhC+V2McFkpHgTqmADutfRdPE:fOFHWnPhC+VYOwRdPE
Score

1^/10
behavioral17 behavioral18
- Target
  
  DAC/bin/it/Microsoft.Data.Tools.Schema.Sql.resources.dll
- Size
  
  1.2MB
- MD5
  
  197e2fb3e0d732a92774456984977a8d
- SHA1
  
  a4433ea98bd9b12cf07acbcbd88a71b55f4caa04
- SHA256
  
  5f29cf5ceba2efdfd683337ab00d601e0fea076075b4d86703e8de389f02abb3
- SHA512
  
  f3d46b7567e8e0d9054cf473b891debd04bf7e04f1c7342d42db451918d55cba13ee1c6dcdb8dcda89deba3d4f03e9e32657ee615a1e381afafcb746a01c1416
- SSDEEP
  
  6144:lJsx+lW5aLMMgXe4kOoxcF++AmOnGe7qoSDGswfUg4Qhm9ujrzaT+IrI5iNCdTst:3sx+lW5aLmm4zIiOZzlnlyf
Score

1^/10
behavioral19 behavioral20
- Target
  
  DAC/bin/it/Microsoft.Data.Tools.Utilities.resources.dll
- Size
  
  31KB
- MD5
  
  53d1e598ecab25e52177f20d3e7c50e0
- SHA1
  
  dcfaf00c8d5764f4107d214397f32ace029d031c
- SHA256
  
  d0763d82aa18a0168da0787334ccece35548fa307e05fa36dba663275f3bb349
- SHA512
  
  c9111a21aec8f4b77af433c92633b3b2ecd6e95669db795e48115fbcae5a710927daaf42c2be7f1a2e61b95911307f5c3a4ebf4846936ecd8ff0fb8d3d9e1b8a
- SSDEEP
  
  768:YIxJyP2gxnUNMkmUC4QbiKeYhI7S+NuX8Tm2RZaZb6FjXHUAUA:HgR+N9TmeZad6FrHUAUA
Score

1^/10
behavioral21 behavioral22
- Target
  
  DAC/bin/it/Microsoft.SqlServer.Dac.resources.dll
- Size
  
  17KB
- MD5
  
  21805649ea4e150617b7134fd9f60525
- SHA1
  
  0315e481c2be6ce466deb44d5e2904be92550d75
- SHA256
  
  4d2225e936f37663d14dd99d764233b319a66747a535c05823caa36ddf79b1f5
- SHA512
  
  edceea631b88ae3b5445db8d2663e7f4d6bb1755a6be5a7d96f6918fa34bb02a66b2eeff44efa176f65c27968d0a040a7cd4ec78af3681e66a06b1c2039518fc
- SSDEEP
  
  384:PEGygwbgSCYLzRoUjxA3/z/dWDboWLLb6FjpvbD:2TZCYLW4xA3/z/SFb6Fjpv
Score

1^/10
behavioral23 behavioral24
- Target
  
  DAC/bin/it/SqlPackage.resources.dll
- Size
  
  23KB
- MD5
  
  4a5c4e06501a313e720dac85436452d0
- SHA1
  
  8d89b1e2d2b663ca8905df28e4ecad5ca01adb63
- SHA256
  
  9c84943c57f8910c2ae0c2956ebc9759e38f9cdb04ec7b855b2c1879ce494745
- SHA512
  
  8ee52d0b305a5204b3981025ef683c776b38f06188b2f383b0b66840a8e8b5a56a86ab2937d619ecc5dfc70fb161b2fcfc6a65aa8491fe04d2a8b191f7bb01dd
- SSDEEP
  
  384:4MWdcr2phg6HvjXldWe6SDnMC1wwGNn6aUljLNa3XJovf7nvrWf4jWxLb6FjXHUD:WWre/pMQwJn6/lj0XJEzTgb6FjXHUD
Score

1^/10
behavioral25 behavioral26
- Target
  
  DAC/bin/ja/DacUnpack.Resources.dll
- Size
  
  154KB
- MD5
  
  f64f50c9172b7843771a32c089138384
- SHA1
  
  c078557db404b3ac3c4b10704c3ace48eac928e6
- SHA256
  
  1a3ff4a296f74634ac8295e97b673b9860ff9a4d77e0834d16fb3ca52850e93d
- SHA512
  
  4128022843e11678ce2329a482033ed17377976b5e19f988da4635d53fe19dc15150a3b560d3b0b5c523ff10e420649b535f38199be77175b4d4bcd5ddcb5fae
- SSDEEP
  
  1536:J21FbooFyAJWnPhC+V2McFkpHgTqmAptkVyCIAPA:JmFHWnPhC+VYOIV7PA
Score

1^/10
behavioral27 behavioral28
- Target
  
  License Terms/SqlUserInstance.dll
- Size
  
  150KB
- MD5
  
  423671a408eedd5e51f4d4f6a3de4589
- SHA1
  
  7a96a2c6e2381e78bdd152e3caef75146460f488
- SHA256
  
  b62fab3be134e7765720c0eb579be5a65ae719771b1e39c14ac39958d554b90e
- SHA512
  
  4e9aa8c9ff248d4ec86d79b8515dbe51fa30aa5b28124a2c1872270c30e7887c1d49c573116237f393c29ef431b97110212fdac9d3a27134b6effdc5d373c11c
- SSDEEP
  
  3072:bm07GntHw9i1pCiY/cYCuyaBeipTCl/0YgPjGWuwLWW1cQFaNWpVfxTdv7OH3UCb:k9Y/cpascTg/0YgPjGWuwSW1cQae5TdS
Score

3^/10
behavioral29 behavioral30
- Target
  
  SDK/Assemblies/ru/Microsoft.SqlServer.Management.CollectorEnum.resources.dll
- Size
  
  43KB
- MD5
  
  d635bf17d8e0d92cf5e241986013e81a
- SHA1
  
  bcdbf71d277edbf80121b31e54846cd2cdcb384d
- SHA256
  
  22ee683d767ab6db0720368f492a702df0bf66508b4ab4f20cb5aa0d1439b3c8
- SHA512
  
  64eb1827b5a6860c57c95f155d30f524d735a676cda8d38b2bb321b5e95f135708eabeaa6876b14d83dfe8d5085f279d93720fc8b9148dd81f4a759585d3766f
- SSDEEP
  
  384:2hx39sKd7CSMslDoRVxPu3JOwpZVYftBE4IcpUFo+3q21W6HNpH8WIhGeDpBjTed:T57+b2MGAA2h
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Suspicious use of SetThreadContext

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32