lumma | 5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc | Triage

Sharing

General

Target

5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc
Size

276KB
Sample

230116-lsmh4sdb89
MD5

4c9333550914da09caa6121c2d5b0712
SHA1

e5487bf23307c6db60ba56b84815052a6f97a662
SHA256

5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc
SHA512

1efa054b591ec674b390af8f3cb0a25f83b448e028d848da62c5f2c1d1fa631d3242eaddb2111ac39865f87a3825edcd59e4bfd4fbf2780549c0c918a08d1b7c
SSDEEP

6144:B+X6NLiNqvPCRvU4//qFn1RnAX2JDhU4zqQna:B+XgWNQPMvUE/qF1RnAXKlFP

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc
- Size
  
  276KB
- MD5
  
  4c9333550914da09caa6121c2d5b0712
- SHA1
  
  e5487bf23307c6db60ba56b84815052a6f97a662
- SHA256
  
  5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc
- SHA512
  
  1efa054b591ec674b390af8f3cb0a25f83b448e028d848da62c5f2c1d1fa631d3242eaddb2111ac39865f87a3825edcd59e4bfd4fbf2780549c0c918a08d1b7c
- SSDEEP
  
  6144:B+X6NLiNqvPCRvU4//qFn1RnAX2JDhU4zqQna:B+XgWNQPMvUE/qF1RnAXKlFP
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer