lumma | 8e2cd57127e9163e33ccd2adab7579b19f12c578bbb31c89cfa37abab14d57e5 | Triage

Sharing

General

Target

8e2cd57127e9163e33ccd2adab7579b19f12c578bbb31c89cfa37abab14d57e5
Size

252KB
Sample

230116-qqgx3afh22
MD5

7bd930e1391af6e0b1ea99734f3b7fd8
SHA1

953c292d0c469e031bd753f252b812404a969538
SHA256

8e2cd57127e9163e33ccd2adab7579b19f12c578bbb31c89cfa37abab14d57e5
SHA512

74404c084ad0cf310992a0307a4d666d1ef68e754018525509befeb914817ea89496d6ed684f313c1dcd4bf9395c0c3ddbc6ae3a73146fd6e1ce60e45afdfea7
SSDEEP

6144:WF30HiWLAHtSdCqDnK1ZMF+jcZrzDHXyUC:WF30H/UHtSYqQcZPi

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  8e2cd57127e9163e33ccd2adab7579b19f12c578bbb31c89cfa37abab14d57e5
- Size
  
  252KB
- MD5
  
  7bd930e1391af6e0b1ea99734f3b7fd8
- SHA1
  
  953c292d0c469e031bd753f252b812404a969538
- SHA256
  
  8e2cd57127e9163e33ccd2adab7579b19f12c578bbb31c89cfa37abab14d57e5
- SHA512
  
  74404c084ad0cf310992a0307a4d666d1ef68e754018525509befeb914817ea89496d6ed684f313c1dcd4bf9395c0c3ddbc6ae3a73146fd6e1ce60e45afdfea7
- SSDEEP
  
  6144:WF30HiWLAHtSdCqDnK1ZMF+jcZrzDHXyUC:WF30H/UHtSYqQcZPi
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer