lumma | aa3a7343485d41c250d2ccfe85d8efd16e9e9f1a4c648e67c109998fa6b049b5 | Triage

Sharing

General

Target

aa3a7343485d41c250d2ccfe85d8efd16e9e9f1a4c648e67c109998fa6b049b5
Size

245KB
Sample

230115-pb1wysad3w
MD5

0ccbec377710f5e58b2d01685f1ecb72
SHA1

af747d213c4a3dad010b455f42439bf60b9880a1
SHA256

aa3a7343485d41c250d2ccfe85d8efd16e9e9f1a4c648e67c109998fa6b049b5
SHA512

dabb331a125b87726c387ca24380f8d58074773ebb75dd526cbbe9ef8304efeafb81f0b7dea4dd4546c3ffd7a78fbf2bbe3afdaeb57f98f96ec3ec36902820e7
SSDEEP

3072:nXtB8Q4ZnUmPI51sT12dENV3XJ8IAN1ppRvyhm6fi:X8bBFx2g5HANS

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  aa3a7343485d41c250d2ccfe85d8efd16e9e9f1a4c648e67c109998fa6b049b5
- Size
  
  245KB
- MD5
  
  0ccbec377710f5e58b2d01685f1ecb72
- SHA1
  
  af747d213c4a3dad010b455f42439bf60b9880a1
- SHA256
  
  aa3a7343485d41c250d2ccfe85d8efd16e9e9f1a4c648e67c109998fa6b049b5
- SHA512
  
  dabb331a125b87726c387ca24380f8d58074773ebb75dd526cbbe9ef8304efeafb81f0b7dea4dd4546c3ffd7a78fbf2bbe3afdaeb57f98f96ec3ec36902820e7
- SSDEEP
  
  3072:nXtB8Q4ZnUmPI51sT12dENV3XJ8IAN1ppRvyhm6fi:X8bBFx2g5HANS
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer