lumma | b57075f06ca1ed41d425367ef08b37b9f87fb88e54d650307485672bce63a87e | Triage

Resubmissions

21-03-2023 23:04

230321-22c9ssdf27 10

21-03-2023 22:48

230321-2rl4ysfe5z 10

Sharing

General

Target

Berkay.exe
Size

56.5MB
Sample

230321-2rl4ysfe5z
MD5

9e8092d308530bc74848eb3ae5ec835e
SHA1

9cd4708d0da074b03e75ec70333981a90b58974e
SHA256

b57075f06ca1ed41d425367ef08b37b9f87fb88e54d650307485672bce63a87e
SHA512

298e039196e17397d45920e71a18814aeb5a941b157cc138aa9590528e85aab01aa60bb3a7f83372b0daf36c050d6f80b3415e1a21ae4b347ec590a70c23c413
SSDEEP

786432:57v+nGMHGwpylp8SmAzvOCfhQl/78QUR7Gy7RAxsmITaiXlC2RHeNpCbwf08NhCJ:CG8pcL5Qly1R6sQVfpnxNhCcrm7

Score

10^/10

lumma spyware stealer

Malware Config

Targets

- Target
  
  Berkay.exe
- Size
  
  56.5MB
- MD5
  
  9e8092d308530bc74848eb3ae5ec835e
- SHA1
  
  9cd4708d0da074b03e75ec70333981a90b58974e
- SHA256
  
  b57075f06ca1ed41d425367ef08b37b9f87fb88e54d650307485672bce63a87e
- SHA512
  
  298e039196e17397d45920e71a18814aeb5a941b157cc138aa9590528e85aab01aa60bb3a7f83372b0daf36c050d6f80b3415e1a21ae4b347ec590a70c23c413
- SSDEEP
  
  786432:57v+nGMHGwpylp8SmAzvOCfhQl/78QUR7Gy7RAxsmITaiXlC2RHeNpCbwf08NhCJ:CG8pcL5Qly1R6sQVfpnxNhCcrm7
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer

behavioral3

lummaspywarestealer