lumma | 3ec5e88b1a03ea20d8c599e6cee740a161ceb81421e73f5a9704f43b00f894c8 | Triage

Submit
Reports

Overview

overview

Static

static

3

SolaraBoot...er.exe

windows10-1703-x64

SolaraBoot...er.exe

windows10-2004-x64

Sharing

General

Target

SolaraBootstrapper.exe
Size

956KB
Sample

240704-pr4yjsygla
MD5

6d6c771046cade0d055027a7f406169c
SHA1

2d02ce1778b7ced7f910e08f179da6003fea42f9
SHA256

3ec5e88b1a03ea20d8c599e6cee740a161ceb81421e73f5a9704f43b00f894c8
SHA512

97ff1969c9af04cad9c6c50dcffc39bdc20124e04cf705762ffac1985a26a792cbb29598b76f468b1d2086820602452e252bc4eb0c13884d0e3d0c69fe01e07b
SSDEEP

24576:ORa2dQCtw4JoRuaN70d73wEJ9OgkNPBGt9OXa:6w4JoRuaJVe9OgoXa

Score

10^/10

lumma discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SolaraBootstrapper.exe

Resource

win10-20240404-en

lumma discovery spyware stealer

windows10-1703-x64

8 signatures

600 seconds

Behavioral task

behavioral2

Sample

SolaraBootstrapper.exe

Resource

win10v2004-20240611-en

lumma discovery spyware stealer

windows10-2004-x64

8 signatures

600 seconds

Malware Config

Extracted

Family

lumma

C2

https://bitchsafettyudjwu.shop/api

Targets

- Target
  
  SolaraBootstrapper.exe
- Size
  
  956KB
- MD5
  
  6d6c771046cade0d055027a7f406169c
- SHA1
  
  2d02ce1778b7ced7f910e08f179da6003fea42f9
- SHA256
  
  3ec5e88b1a03ea20d8c599e6cee740a161ceb81421e73f5a9704f43b00f894c8
- SHA512
  
  97ff1969c9af04cad9c6c50dcffc39bdc20124e04cf705762ffac1985a26a792cbb29598b76f468b1d2086820602452e252bc4eb0c13884d0e3d0c69fe01e07b
- SSDEEP
  
  24576:ORa2dQCtw4JoRuaN70d73wEJ9OgkNPBGt9OXa:6w4JoRuaJVe9OgoXa
Score

10^/10

lumma discovery spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lummadiscoveryspywarestealer

behavioral2

lummadiscoveryspywarestealer

© 2018-2024

Terms | Privacy