lumma | 59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0 | Triage

Sharing

General

Target

59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0
Size

245KB
Sample

230115-j4jkgscb84
MD5

4341e22f2a2b9cd03f1f269badc736bc
SHA1

12f2739b29db54de44adfef697b26cc00b3b352d
SHA256

59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0
SHA512

316803a0adac5d7ec7be0b4523f80f86eced66587ddcf50a4368d1d4b31bdda7e49f482f2dc8e36a3fbe1f6ab79ed20bd5cc18a262854b8e8a257f19a21b33ca
SSDEEP

3072:xXxKvqKK4dBye3F45cQuf1x2VqN2YINjAwAhinc+iJw7CQSbgxlDNapb:VHKK4dBJDh1x2VZYUAn0CA/8K4p

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0
- Size
  
  245KB
- MD5
  
  4341e22f2a2b9cd03f1f269badc736bc
- SHA1
  
  12f2739b29db54de44adfef697b26cc00b3b352d
- SHA256
  
  59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0
- SHA512
  
  316803a0adac5d7ec7be0b4523f80f86eced66587ddcf50a4368d1d4b31bdda7e49f482f2dc8e36a3fbe1f6ab79ed20bd5cc18a262854b8e8a257f19a21b33ca
- SSDEEP
  
  3072:xXxKvqKK4dBye3F45cQuf1x2VqN2YINjAwAhinc+iJw7CQSbgxlDNapb:VHKK4dBJDh1x2VZYUAn0CA/8K4p
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer