lumma | 114682c8e5db2c28ff8d8caf1e99ed0781b0555f30a5bd34ba11c50472a9adda | Triage

Sharing

General

Target

114682c8e5db2c28ff8d8caf1e99ed0781b0555f30a5bd34ba11c50472a9adda
Size

224KB
Sample

230117-r5expahe82
MD5

9f12ba134af9e047bc4aeec1b72d0ca1
SHA1

18aa6574ec21d39fdf8f66a32a848a72150c6fb7
SHA256

114682c8e5db2c28ff8d8caf1e99ed0781b0555f30a5bd34ba11c50472a9adda
SHA512

75e8caf6594833f9b9fd225ae9a3551dc5ae01cff95746095f9997ce2f8bdf27c52e41623d4a0dc7a74d3a2d4df505e592f3890bb2bc0ad00a1e65f96e414685
SSDEEP

3072:r/X3YyQBnQwHOxs51/0QDHtEbbZKBIMmSIM/J5zQigj1NGP5:TgOrQD0sBXmdMLzQigj/G

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  114682c8e5db2c28ff8d8caf1e99ed0781b0555f30a5bd34ba11c50472a9adda
- Size
  
  224KB
- MD5
  
  9f12ba134af9e047bc4aeec1b72d0ca1
- SHA1
  
  18aa6574ec21d39fdf8f66a32a848a72150c6fb7
- SHA256
  
  114682c8e5db2c28ff8d8caf1e99ed0781b0555f30a5bd34ba11c50472a9adda
- SHA512
  
  75e8caf6594833f9b9fd225ae9a3551dc5ae01cff95746095f9997ce2f8bdf27c52e41623d4a0dc7a74d3a2d4df505e592f3890bb2bc0ad00a1e65f96e414685
- SSDEEP
  
  3072:r/X3YyQBnQwHOxs51/0QDHtEbbZKBIMmSIM/J5zQigj1NGP5:TgOrQD0sBXmdMLzQigj/G
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer