lumma | 758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148 | Triage

Sharing

General

Target

758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148
Size

245KB
Sample

230115-e6vy3saa75
MD5

f39ffa9812c55774a4dd1451b23fa2d4
SHA1

f9f60ac20bfe819d2a012d0fb19e88ea4e4a348d
SHA256

758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148
SHA512

d35209af1f3ed8f0249bc14f70b9c6e95e88abc5c7d10d9e906761a09b98731c1279f87bae9699158e65e07e55e7f6a9d71be0dc9c4a6f07c529d2a668266b13
SSDEEP

3072:6X6yzapOKC/IC3FZvb5RWJyYC0cM2qHzH+8nYZECMuxljcrapb:aioKC/IKvjWjCiT68nYZCMAup

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148
- Size
  
  245KB
- MD5
  
  f39ffa9812c55774a4dd1451b23fa2d4
- SHA1
  
  f9f60ac20bfe819d2a012d0fb19e88ea4e4a348d
- SHA256
  
  758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148
- SHA512
  
  d35209af1f3ed8f0249bc14f70b9c6e95e88abc5c7d10d9e906761a09b98731c1279f87bae9699158e65e07e55e7f6a9d71be0dc9c4a6f07c529d2a668266b13
- SSDEEP
  
  3072:6X6yzapOKC/IC3FZvb5RWJyYC0cM2qHzH+8nYZECMuxljcrapb:aioKC/IKvjWjCiT68nYZCMAup
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer