lumma | 207203dca7c0ba16773befdcbcee1669f5b22a1a14ad66b9c61c717e50d9375a | Triage

Sharing

General

Target

03be25cab5b1c50093bf10ea1579d296ec9e41c49e53046f5348b63c68f14eb7
Size

200KB
Sample

230114-th18hseb3v
MD5

d21c6f5529fb1e399b12562ae5b7afe3
SHA1

465a9331ccd45a2c91064aef2221965e2cedda5e
SHA256

207203dca7c0ba16773befdcbcee1669f5b22a1a14ad66b9c61c717e50d9375a
SHA512

06741086a5209ce27334e68c85980e1c6386d291c6364891625dfd3de20ff2f5a10c2315e5e4e6b81e67fbb82aa3b5b3726247e04e05fbd2d1fccea3e23be1ed
SSDEEP

3072:/fanWPTswcAZSIJqIBCI7jBWq/F6QnaTnbyimT+k4vbFDW3fONs2qS3JjWXY1R9I:6nW9cyqIBL7j0Vq3ivvbxWv+s2pWYC

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  03be25cab5b1c50093bf10ea1579d296ec9e41c49e53046f5348b63c68f14eb7
- Size
  
  298KB
- MD5
  
  abcefdb531bfe79fb30909cf64c23053
- SHA1
  
  b903abe57f5fa8dc1b15ddd1aa88eb908cb24486
- SHA256
  
  03be25cab5b1c50093bf10ea1579d296ec9e41c49e53046f5348b63c68f14eb7
- SHA512
  
  7e52672aae0fda3f52b43f4150e76614549d3562bbaa2f7e714f5fd07c81953a286b55e62e01eef219f4d0600177348db50fa63d3f0574d958c140bb41f0546b
- SSDEEP
  
  6144:+6dB8dB6adfx7tQMAbq3i1vbxWv+9gg8pgpRjFE:+3dttiqy5bxWv+STSL
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer