lumma | 36a5d6a13251512cbd0b5ea2b9b34c737d03de659532f4a13a6a9523c4a24c72 | Triage

Submit
Reports

Overview

overview

Static

static

bfc8b43d4c...9f.exe

windows7-x64

bfc8b43d4c...9f.exe

windows10-2004-x64

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
13-01-2023 17:55

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

bfc8b43d4c867e28e5409b7bb74ea79f.exe

Resource

win7-20220812-en

lumma spyware stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

bfc8b43d4c867e28e5409b7bb74ea79f.exe

Resource

win10v2004-20221111-en

lumma spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Report Analysis Logs

General

Target

bfc8b43d4c867e28e5409b7bb74ea79f.exe
Size

308KB
MD5

bfc8b43d4c867e28e5409b7bb74ea79f
SHA1

d720e74f073ccaf61c3a45ea4b09c2da38c3a753
SHA256

36a5d6a13251512cbd0b5ea2b9b34c737d03de659532f4a13a6a9523c4a24c72
SHA512

84e9bd7089f1cd66dab994997fcb2336d6284eea965832e202d4f70e179cf6e4e9ef8f843cae5a63591a25bd590dd2060820cc707e34574ae736a52006c95e6f
SSDEEP

6144:0diaLB6JorGojJon2NleO4SlJZ9tzrSA3N+:0diaAJOrja2Nt1Z9P3

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Processes

C:\Users\Admin\AppData\Local\Temp\bfc8b43d4c867e28e5409b7bb74ea79f.exe
"C:\Users\Admin\AppData\Local\Temp\bfc8b43d4c867e28e5409b7bb74ea79f.exe"
1⤵
PID:1172

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-54-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download
memory/1172-55-0x00000000002AC000-0x00000000002C5000-memory.dmp

Filesize
100KB

Download
memory/1172-56-0x00000000001B0000-0x00000000001DA000-memory.dmp

Filesize
168KB

Download
memory/1172-57-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/1172-58-0x00000000002AC000-0x00000000002C5000-memory.dmp

Filesize
100KB

Download
memory/1172-59-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download

© 2018-2025

Terms | Privacy