lumma | adfb9a94a162120159f2b496ff473ee14024f24192cc13cf9f829bbae6c4023c | Triage

Sharing

General

Target

adfb9a94a162120159f2b496ff473ee14024f24192cc13cf9f829bbae6c4023c
Size

1.9MB
Sample

230325-z12jwsed73
MD5

ffc87cf5de85e0a6a3941bc91780d928
SHA1

6029ea950091d269d9626343a8defefd1b6c5c1c
SHA256

adfb9a94a162120159f2b496ff473ee14024f24192cc13cf9f829bbae6c4023c
SHA512

98a8f5b8073267e1435a7df8bbc2249f226cb82cda16a18a4e8525d8b068f93aeeca577cff3faf2bacda4493028ae4232189ba98c22883ec9face8cd29105556
SSDEEP

49152:XKcEqlms7r6WKt3iS/rmEPM/u0iEV9IHuxJxruCD:66lms3a3iS/rmOMVVqHuvYCD

Score

10^/10

lumma spyware stealer

Malware Config

Targets

- Target
  
  adfb9a94a162120159f2b496ff473ee14024f24192cc13cf9f829bbae6c4023c
- Size
  
  1.9MB
- MD5
  
  ffc87cf5de85e0a6a3941bc91780d928
- SHA1
  
  6029ea950091d269d9626343a8defefd1b6c5c1c
- SHA256
  
  adfb9a94a162120159f2b496ff473ee14024f24192cc13cf9f829bbae6c4023c
- SHA512
  
  98a8f5b8073267e1435a7df8bbc2249f226cb82cda16a18a4e8525d8b068f93aeeca577cff3faf2bacda4493028ae4232189ba98c22883ec9face8cd29105556
- SSDEEP
  
  49152:XKcEqlms7r6WKt3iS/rmEPM/u0iEV9IHuxJxruCD:66lms3a3iS/rmOMVVqHuvYCD
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer