lumma | 9e96536136bdc9152a76145675e95b2b017df754d6bbff6eac68a6331d6fb831 | Triage

Sharing

General

Target

9e96536136bdc9152a76145675e95b2b017df754d6bbff6eac68a6331d6fb831
Size

247KB
Sample

230116-y3l2jsch62
MD5

98d2422acdbd4eea60a57512cd3069b4
SHA1

d357ea4903cca884f57d3a0602a4502968b744d0
SHA256

9e96536136bdc9152a76145675e95b2b017df754d6bbff6eac68a6331d6fb831
SHA512

f8cc90211597d8941ada2c9a09d2c98b799f92ba3c740214e3498fd1681650ba092d46cb0bb9713d94695183a155fc0676226e9e58ea67b50a4a291cd672bd84
SSDEEP

3072:uppkVhAsLN4MTGyZ6D1cclwIP8Ror8qTv4DOQ6FeZ6tbc5WqWFe4cDKyQ/ugDd:KyVhFLHGe8V8Ronv4DH4e4b+/DHXY

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  9e96536136bdc9152a76145675e95b2b017df754d6bbff6eac68a6331d6fb831
- Size
  
  247KB
- MD5
  
  98d2422acdbd4eea60a57512cd3069b4
- SHA1
  
  d357ea4903cca884f57d3a0602a4502968b744d0
- SHA256
  
  9e96536136bdc9152a76145675e95b2b017df754d6bbff6eac68a6331d6fb831
- SHA512
  
  f8cc90211597d8941ada2c9a09d2c98b799f92ba3c740214e3498fd1681650ba092d46cb0bb9713d94695183a155fc0676226e9e58ea67b50a4a291cd672bd84
- SSDEEP
  
  3072:uppkVhAsLN4MTGyZ6D1cclwIP8Ror8qTv4DOQ6FeZ6tbc5WqWFe4cDKyQ/ugDd:KyVhFLHGe8V8Ronv4DH4e4b+/DHXY
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer