lumma | 50fd84dfcc9be1f3791a97764ca2b27c29d4e2aaa18170eba2fc43a3d40fa02f | Triage

Sharing

General

Target

50fd84dfcc9be1f3791a97764ca2b27c29d4e2aaa18170eba2fc43a3d40fa02f
Size

247KB
Sample

230116-3ezd7abb5z
MD5

02bc1fc1329b17e4d13a4d781b26fc18
SHA1

6e6220623433816f8e11d828d95f95f27640e3bc
SHA256

50fd84dfcc9be1f3791a97764ca2b27c29d4e2aaa18170eba2fc43a3d40fa02f
SHA512

03001c80f4961dfc88344b2d90de82024b5709e28c211f03cc20369bd89c6124c02a13362207ff256eb4bbddbb82b4267f8683e33b6e89d4f2c7498f61ccfc9b
SSDEEP

3072:Cp/k17KLaP41vDk1MD1ccPwSxO4CAEWWnCFpCGgJysoHBtwTlib/YNJDKyQ/ughd:Wc1GLhDcSPwoPbSGgPJaHQlisNJDHXG

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  50fd84dfcc9be1f3791a97764ca2b27c29d4e2aaa18170eba2fc43a3d40fa02f
- Size
  
  247KB
- MD5
  
  02bc1fc1329b17e4d13a4d781b26fc18
- SHA1
  
  6e6220623433816f8e11d828d95f95f27640e3bc
- SHA256
  
  50fd84dfcc9be1f3791a97764ca2b27c29d4e2aaa18170eba2fc43a3d40fa02f
- SHA512
  
  03001c80f4961dfc88344b2d90de82024b5709e28c211f03cc20369bd89c6124c02a13362207ff256eb4bbddbb82b4267f8683e33b6e89d4f2c7498f61ccfc9b
- SSDEEP
  
  3072:Cp/k17KLaP41vDk1MD1ccPwSxO4CAEWWnCFpCGgJysoHBtwTlib/YNJDKyQ/ughd:Wc1GLhDcSPwoPbSGgPJaHQlisNJDHXG
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer