lumma | b0ae6286cdc68376b0d00a8d26591122fb82f74d871ae638cc76d7b06832990e | Triage

Sharing

General

Target

b0ae6286cdc68376b0d00a8d26591122fb82f74d871ae638cc76d7b06832990e
Size

245KB
Sample

230114-wad45afb21
MD5

cf871ea008944c8de61c74e492524181
SHA1

8a678c7f9d6471aa987cdf8abd0ab09db8b1eb0c
SHA256

b0ae6286cdc68376b0d00a8d26591122fb82f74d871ae638cc76d7b06832990e
SHA512

3eae107e65e30a3e9e629ddf8722d1124efa0cbb1aad9e0ec5c213dd2b496003fc7517f3632eb70925950f2d26958fe76907a81a9191a4770860aad2572a637e
SSDEEP

3072:fXx4L8Y0ORnQY5VhdMWgWuhra+AqpFABXq0NaJt7DZ+X8TQTKRGxn4hapb:PKDKs88Url5QraJt7q1RRp

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  b0ae6286cdc68376b0d00a8d26591122fb82f74d871ae638cc76d7b06832990e
- Size
  
  245KB
- MD5
  
  cf871ea008944c8de61c74e492524181
- SHA1
  
  8a678c7f9d6471aa987cdf8abd0ab09db8b1eb0c
- SHA256
  
  b0ae6286cdc68376b0d00a8d26591122fb82f74d871ae638cc76d7b06832990e
- SHA512
  
  3eae107e65e30a3e9e629ddf8722d1124efa0cbb1aad9e0ec5c213dd2b496003fc7517f3632eb70925950f2d26958fe76907a81a9191a4770860aad2572a637e
- SSDEEP
  
  3072:fXx4L8Y0ORnQY5VhdMWgWuhra+AqpFABXq0NaJt7DZ+X8TQTKRGxn4hapb:PKDKs88Url5QraJt7q1RRp
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer