lumma | 4ad2628a70d17229f7a5cbf2e0aabe1906fe673ce29994f97b602f86c6d4915b | Triage

Sharing

General

Target

4ad2628a70d17229f7a5cbf2e0aabe1906fe673ce29994f97b602f86c6d4915b
Size

298KB
Sample

230114-qret4acd3z
MD5

668b8b93297e6a9753e0e469d7532e1e
SHA1

7da331fd41f41c16a77bc4deb785497f889e7634
SHA256

4ad2628a70d17229f7a5cbf2e0aabe1906fe673ce29994f97b602f86c6d4915b
SHA512

bba6fc252a986aeec62ef2c2fbadd246bb226c3b0e31cdb2999f0341f242639bda3b84f7c099ff174c308bbd4efc2d5a7494b46a6ebff3d3bb5d0242e363f4b8
SSDEEP

3072:0XyvTwhGOFVU435MBQbo9Br6QoU1DhnZvsmGPHYoisjjgQxpNapb8pBI8jwWRjoV:wQ6FC4OQkz+sUm2+kjg3pgpRjFE

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  4ad2628a70d17229f7a5cbf2e0aabe1906fe673ce29994f97b602f86c6d4915b
- Size
  
  298KB
- MD5
  
  668b8b93297e6a9753e0e469d7532e1e
- SHA1
  
  7da331fd41f41c16a77bc4deb785497f889e7634
- SHA256
  
  4ad2628a70d17229f7a5cbf2e0aabe1906fe673ce29994f97b602f86c6d4915b
- SHA512
  
  bba6fc252a986aeec62ef2c2fbadd246bb226c3b0e31cdb2999f0341f242639bda3b84f7c099ff174c308bbd4efc2d5a7494b46a6ebff3d3bb5d0242e363f4b8
- SSDEEP
  
  3072:0XyvTwhGOFVU435MBQbo9Br6QoU1DhnZvsmGPHYoisjjgQxpNapb8pBI8jwWRjoV:wQ6FC4OQkz+sUm2+kjg3pgpRjFE
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer