lumma | 5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc | Triage

Sharing

General

Target

5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc
Size

276KB
Sample

230116-lsmh4sdb89
MD5

4c9333550914da09caa6121c2d5b0712
SHA1

e5487bf23307c6db60ba56b84815052a6f97a662
SHA256

5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc
SHA512

1efa054b591ec674b390af8f3cb0a25f83b448e028d848da62c5f2c1d1fa631d3242eaddb2111ac39865f87a3825edcd59e4bfd4fbf2780549c0c918a08d1b7c
SSDEEP

6144:B+X6NLiNqvPCRvU4//qFn1RnAX2JDhU4zqQna:B+XgWNQPMvUE/qF1RnAXKlFP

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc
- Size
  
  276KB
- MD5
  
  4c9333550914da09caa6121c2d5b0712
- SHA1
  
  e5487bf23307c6db60ba56b84815052a6f97a662
- SHA256
  
  5d359d437372dee4a4708133fde69dfcf9f16e2ddc2f21c1864019a70a9e3ebc
- SHA512
  
  1efa054b591ec674b390af8f3cb0a25f83b448e028d848da62c5f2c1d1fa631d3242eaddb2111ac39865f87a3825edcd59e4bfd4fbf2780549c0c918a08d1b7c
- SSDEEP
  
  6144:B+X6NLiNqvPCRvU4//qFn1RnAX2JDhU4zqQna:B+XgWNQPMvUE/qF1RnAXKlFP
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer