lumma | 2a5f489507d629147076be1b84122fea840fc9347c3cbb87474d08b03d5767e6 | Triage

Sharing

General

Target

73cfa816bd989fa7dd51fc1aeff7657323836d86fdc30da54f3d0140376096c5
Size

172KB
Sample

230116-ll9easdb24
MD5

c9bf02ae43c09c6987a025ff45fc0fd3
SHA1

d849ba61a44e24024a665052dd22036c4c95e921
SHA256

2a5f489507d629147076be1b84122fea840fc9347c3cbb87474d08b03d5767e6
SHA512

6486c05f85542bb479c545cc4acfdeeacf870df1529a33330870d645ad0828746ef994340992fec62901c03d33ed3463ca1cb1ee0f181343f63dd2c3e5bb9751
SSDEEP

3072:mFOgFAZY4M9KwcbV6NkSBLYngxTNsRUH62GSHfSokyxMTZrwzEW97WE7q:maZY4MIwgINnBqgxTN8A629/SokwMFr9

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  73cfa816bd989fa7dd51fc1aeff7657323836d86fdc30da54f3d0140376096c5
- Size
  
  248KB
- MD5
  
  d4371171249f45f3af6095825378c055
- SHA1
  
  7c38214ddc9fdf6598f5247272997dd682147717
- SHA256
  
  73cfa816bd989fa7dd51fc1aeff7657323836d86fdc30da54f3d0140376096c5
- SHA512
  
  96f1118afbc83d3738ac00e4b9b9e08f9773fa47edcd422d9951168341f61a63c1e388d775595a23325b6a227a0704a333de14855286cc7a13bc37406b8aba22
- SSDEEP
  
  3072:cYXykb1N+5d5bGN9i8olYgxTNsRUd62GSHfSokyxMTZrVwb+sbi:cs9N+ZGNZFgxTN8c629/SokwMFr
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer