lumma | 3d108804bd4bc7f3c132bcd3d4cc6405bb0c5a7408f0774a87c2ff9f856ac4f0 | Triage

Sharing

General

Target

3d108804bd4bc7f3c132bcd3d4cc6405bb0c5a7408f0774a87c2ff9f856ac4f0
Size

244KB
Sample

230115-crgf2agg69
MD5

7f26c94a8f67858ed74eb7d484c3a04b
SHA1

259a8e19c2f8dd5217d2587e0ae33ca8261bfa40
SHA256

3d108804bd4bc7f3c132bcd3d4cc6405bb0c5a7408f0774a87c2ff9f856ac4f0
SHA512

2f4be4df4abb8b8bc2ee249a27c8ee9d049cb6b0f69c7f6906b7440a00e1031f32ac92b8f928147edb313c5c90aef61d85fb30d02dcb13d2355751e9bf27df94
SSDEEP

3072:yXdHkVQCTyYZlIyB5mcoj6DHYyV5gYurdXOvspqRIvYOdWGwBC0gjOFxN/bapb:y6QCTyYZ5xo69v1kp1vYrv40gjw/+p

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  3d108804bd4bc7f3c132bcd3d4cc6405bb0c5a7408f0774a87c2ff9f856ac4f0
- Size
  
  244KB
- MD5
  
  7f26c94a8f67858ed74eb7d484c3a04b
- SHA1
  
  259a8e19c2f8dd5217d2587e0ae33ca8261bfa40
- SHA256
  
  3d108804bd4bc7f3c132bcd3d4cc6405bb0c5a7408f0774a87c2ff9f856ac4f0
- SHA512
  
  2f4be4df4abb8b8bc2ee249a27c8ee9d049cb6b0f69c7f6906b7440a00e1031f32ac92b8f928147edb313c5c90aef61d85fb30d02dcb13d2355751e9bf27df94
- SSDEEP
  
  3072:yXdHkVQCTyYZlIyB5mcoj6DHYyV5gYurdXOvspqRIvYOdWGwBC0gjOFxN/bapb:y6QCTyYZ5xo69v1kp1vYrv40gjw/+p
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer