lumma | a49053e7d1596ab72001fc0243e88611e2c4dc210b3ca59182c863b17e25d287 | Triage

Sharing

General

Target

a49053e7d1596ab72001fc0243e88611e2c4dc210b3ca59182c863b17e25d287
Size

249KB
Sample

230116-tfdpfahe59
MD5

9f7bae53f62b0ae26a96d184ffa121be
SHA1

6d35524c256d76386db47871805128126356eff5
SHA256

a49053e7d1596ab72001fc0243e88611e2c4dc210b3ca59182c863b17e25d287
SHA512

93943b933b185e6bab8a084f60c207d64cacc67285d8104808f331af2377357629c2cc7a99ff3b8f457354b4b8d0e2317ba915aa6243f299664c5dce2cbd4504
SSDEEP

6144:ohu1LLOX5ngHJ9O9MFBywnP5aTtPDHXyUC8:ow1LaJnsLmKPABia

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  a49053e7d1596ab72001fc0243e88611e2c4dc210b3ca59182c863b17e25d287
- Size
  
  249KB
- MD5
  
  9f7bae53f62b0ae26a96d184ffa121be
- SHA1
  
  6d35524c256d76386db47871805128126356eff5
- SHA256
  
  a49053e7d1596ab72001fc0243e88611e2c4dc210b3ca59182c863b17e25d287
- SHA512
  
  93943b933b185e6bab8a084f60c207d64cacc67285d8104808f331af2377357629c2cc7a99ff3b8f457354b4b8d0e2317ba915aa6243f299664c5dce2cbd4504
- SSDEEP
  
  6144:ohu1LLOX5ngHJ9O9MFBywnP5aTtPDHXyUC8:ow1LaJnsLmKPABia
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer