lumma | 6ebac5146cf168228e348df9f3f1006dc0f9ee26021ac18c8a6b572da174b182 | Triage

Sharing

General

Target

6ebac5146cf168228e348df9f3f1006dc0f9ee26021ac18c8a6b572da174b182
Size

248KB
Sample

230115-vb8vfsda9t
MD5

b7a88887e20e7658af423615d1399590
SHA1

c88ed903fb0cddcf2eba4f0437c476ab34fadf59
SHA256

6ebac5146cf168228e348df9f3f1006dc0f9ee26021ac18c8a6b572da174b182
SHA512

1f96bb4a1739e921a75a7573d5649e5981ffd4ad51eb3712fa88fa8418109d3a69a3937135d00179790db0165a88f408c7fa2671c394da499c75e1b781b1b1c7
SSDEEP

3072:sXp1HGlewa5SyBENHZwQkdW3s7/eWXYYTZz1p3R6XGYra4xxSi:oaeVCNHiQkdW87mWXYYTdYN7

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  6ebac5146cf168228e348df9f3f1006dc0f9ee26021ac18c8a6b572da174b182
- Size
  
  248KB
- MD5
  
  b7a88887e20e7658af423615d1399590
- SHA1
  
  c88ed903fb0cddcf2eba4f0437c476ab34fadf59
- SHA256
  
  6ebac5146cf168228e348df9f3f1006dc0f9ee26021ac18c8a6b572da174b182
- SHA512
  
  1f96bb4a1739e921a75a7573d5649e5981ffd4ad51eb3712fa88fa8418109d3a69a3937135d00179790db0165a88f408c7fa2671c394da499c75e1b781b1b1c7
- SSDEEP
  
  3072:sXp1HGlewa5SyBENHZwQkdW3s7/eWXYYTZz1p3R6XGYra4xxSi:oaeVCNHiQkdW87mWXYYTdYN7
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer