lumma | 7355b4d748f2e77a4087d687cf3d7827ad14be62ddcedee3ffff3d7271684ecc | Triage

Sharing

General

Target

file.exe
Size

857KB
Sample

230208-zjrclafd3s
MD5

3d52d171523e07600e30ad60d67fcc45
SHA1

a5d89cb745695d0c0d4b8116bdc9a7b892756b95
SHA256

7355b4d748f2e77a4087d687cf3d7827ad14be62ddcedee3ffff3d7271684ecc
SHA512

929867e7a5ae311a3b7ed6a2b973fa17f39bdeb14c953f7dc45805898b8bd2056e97f0bc1ea391fdf1a7e1fc131de24356a331769b52c98aa5a1b8ff32fb2bc1
SSDEEP

24576:vuq/ZM4+TNTXYAlCDuIL0JIYAlCDuIL0rS:6TRIAl3u0JAl3u0r

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  file.exe
- Size
  
  857KB
- MD5
  
  3d52d171523e07600e30ad60d67fcc45
- SHA1
  
  a5d89cb745695d0c0d4b8116bdc9a7b892756b95
- SHA256
  
  7355b4d748f2e77a4087d687cf3d7827ad14be62ddcedee3ffff3d7271684ecc
- SHA512
  
  929867e7a5ae311a3b7ed6a2b973fa17f39bdeb14c953f7dc45805898b8bd2056e97f0bc1ea391fdf1a7e1fc131de24356a331769b52c98aa5a1b8ff32fb2bc1
- SSDEEP
  
  24576:vuq/ZM4+TNTXYAlCDuIL0JIYAlCDuIL0rS:6TRIAl3u0JAl3u0r
Score

10^/10

lumma stealer spyware
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummaspywarestealer