lumma | f30ab3c5c9a72ef605d9e171dc9d22e39d1f1114c36d87c24a16b8ccb4a5f749 | Triage

Sharing

General

Target

f30ab3c5c9a72ef605d9e171dc9d22e39d1f1114c36d87c24a16b8ccb4a5f749
Size

248KB
Sample

230115-vyl9zadd8t
MD5

8fb1199711c3b6afd7aa7b8595929e7f
SHA1

ff8f1814fff095fa7cfd6c2bb07a1595b83c89c0
SHA256

f30ab3c5c9a72ef605d9e171dc9d22e39d1f1114c36d87c24a16b8ccb4a5f749
SHA512

dbd8765a9fcebee920335e41da43fc1b025460e3c1293a803be4f440a3cd6c0823f1f3bcd618a49ac8c7d07c29876ec8e2023e11c491f32faf16401a60821926
SSDEEP

3072:oXG1qQtNXs51ydxXri2ziRE5vGrziTvFDGqRmG8nTcgj/zir7ssp7i:8QBzXpCy+Ha9DGqRmGocgqdp

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  f30ab3c5c9a72ef605d9e171dc9d22e39d1f1114c36d87c24a16b8ccb4a5f749
- Size
  
  248KB
- MD5
  
  8fb1199711c3b6afd7aa7b8595929e7f
- SHA1
  
  ff8f1814fff095fa7cfd6c2bb07a1595b83c89c0
- SHA256
  
  f30ab3c5c9a72ef605d9e171dc9d22e39d1f1114c36d87c24a16b8ccb4a5f749
- SHA512
  
  dbd8765a9fcebee920335e41da43fc1b025460e3c1293a803be4f440a3cd6c0823f1f3bcd618a49ac8c7d07c29876ec8e2023e11c491f32faf16401a60821926
- SSDEEP
  
  3072:oXG1qQtNXs51ydxXri2ziRE5vGrziTvFDGqRmG8nTcgj/zir7ssp7i:8QBzXpCy+Ha9DGqRmGocgqdp
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer