lumma | 61706481faf4ee1a6fd735fb9ce735bbba1f42f62989ad3ec536ea22e6ad962c | Triage

Sharing

General

Target

3d52d171523e07600e30ad60d67fcc45.bin
Size

590KB
Sample

230210-bkwrpsab32
MD5

c3400a43767c30d3be8541a119a560ca
SHA1

422952ca7c3d1ae40853e49ab7ab0480a4a4779e
SHA256

61706481faf4ee1a6fd735fb9ce735bbba1f42f62989ad3ec536ea22e6ad962c
SHA512

b4b4dd2b95078e46379e12d09c7e6bbf1c70f7afce15e59c413131e90953be37b04fb0a8912c28ee2eeee09d3a5b7d20c421157ab6afe30c166d21c2baef9262
SSDEEP

12288:/stypErltS8eJBYWDOtsBivxkL7Au6eSSlgiXTpWQ:/dyrZeJBlDxwWAuzXlJF

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  7355b4d748f2e77a4087d687cf3d7827ad14be62ddcedee3ffff3d7271684ecc.exe
- Size
  
  857KB
- MD5
  
  3d52d171523e07600e30ad60d67fcc45
- SHA1
  
  a5d89cb745695d0c0d4b8116bdc9a7b892756b95
- SHA256
  
  7355b4d748f2e77a4087d687cf3d7827ad14be62ddcedee3ffff3d7271684ecc
- SHA512
  
  929867e7a5ae311a3b7ed6a2b973fa17f39bdeb14c953f7dc45805898b8bd2056e97f0bc1ea391fdf1a7e1fc131de24356a331769b52c98aa5a1b8ff32fb2bc1
- SSDEEP
  
  24576:vuq/ZM4+TNTXYAlCDuIL0JIYAlCDuIL0rS:6TRIAl3u0JAl3u0r
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer