lumma | c423db768ce2a1e7f8edd0d3cdd91790ce106ffe067322e4280b77e18556b52a | Triage

Sharing

General

Target

c423db768ce2a1e7f8edd0d3cdd91790ce106ffe067322e4280b77e18556b52a
Size

245KB
Sample

230115-s48n2scd7v
MD5

60780483d42fa4dba558fc4a77dfb96e
SHA1

09b8d575b98aa8c7b2ec1760c91f8c94f4b726a1
SHA256

c423db768ce2a1e7f8edd0d3cdd91790ce106ffe067322e4280b77e18556b52a
SHA512

6dcc5ba37873cc26a9edfd35e8461984ef971018d321748dfa6b9086ab01c3fb9af500eb1af2c44fbd734f5114d0e75a2c2d15e736f56fb1b10a2268978d7659
SSDEEP

3072:BX6sz443tH6PI5mH0mbTMIDgVDfEpcQoVtOeizGpxR3CPon1AhsdnJJi:lHczHbbTDpCgexpz3Ao1Ahm

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  c423db768ce2a1e7f8edd0d3cdd91790ce106ffe067322e4280b77e18556b52a
- Size
  
  245KB
- MD5
  
  60780483d42fa4dba558fc4a77dfb96e
- SHA1
  
  09b8d575b98aa8c7b2ec1760c91f8c94f4b726a1
- SHA256
  
  c423db768ce2a1e7f8edd0d3cdd91790ce106ffe067322e4280b77e18556b52a
- SHA512
  
  6dcc5ba37873cc26a9edfd35e8461984ef971018d321748dfa6b9086ab01c3fb9af500eb1af2c44fbd734f5114d0e75a2c2d15e736f56fb1b10a2268978d7659
- SSDEEP
  
  3072:BX6sz443tH6PI5mH0mbTMIDgVDfEpcQoVtOeizGpxR3CPon1AhsdnJJi:lHczHbbTDpCgexpz3Ao1Ahm
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer