lumma | 59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0 | Triage

Sharing

General

Target

59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0
Size

245KB
Sample

230115-j4jkgscb84
MD5

4341e22f2a2b9cd03f1f269badc736bc
SHA1

12f2739b29db54de44adfef697b26cc00b3b352d
SHA256

59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0
SHA512

316803a0adac5d7ec7be0b4523f80f86eced66587ddcf50a4368d1d4b31bdda7e49f482f2dc8e36a3fbe1f6ab79ed20bd5cc18a262854b8e8a257f19a21b33ca
SSDEEP

3072:xXxKvqKK4dBye3F45cQuf1x2VqN2YINjAwAhinc+iJw7CQSbgxlDNapb:VHKK4dBJDh1x2VZYUAn0CA/8K4p

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0
- Size
  
  245KB
- MD5
  
  4341e22f2a2b9cd03f1f269badc736bc
- SHA1
  
  12f2739b29db54de44adfef697b26cc00b3b352d
- SHA256
  
  59a17f7f20936d429ceb4729499ffc12fc2b9373a20ec277e396d7699fc6ebe0
- SHA512
  
  316803a0adac5d7ec7be0b4523f80f86eced66587ddcf50a4368d1d4b31bdda7e49f482f2dc8e36a3fbe1f6ab79ed20bd5cc18a262854b8e8a257f19a21b33ca
- SSDEEP
  
  3072:xXxKvqKK4dBye3F45cQuf1x2VqN2YINjAwAhinc+iJw7CQSbgxlDNapb:VHKK4dBJDh1x2VZYUAn0CA/8K4p
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer