lumma | 9f1a567015f16053acb0b8e7cd8fd535e992ae7e88b4f57e91c0cc8621ac6a2c | Triage

Sharing

General

Target

Ronawind Setup - V5.8.4.zip
Size

49.6MB
Sample

230328-1vk6dsfc5t
MD5

5809e220fd163436cd58e695ec5f7412
SHA1

7db3b15b2de9b432fe6493afde292db61e7f7a7f
SHA256

9f1a567015f16053acb0b8e7cd8fd535e992ae7e88b4f57e91c0cc8621ac6a2c
SHA512

1dad7418f3255bcafbcabf581e365d03db215139d489649e103a1a8c2b72bed36d963dbc9fdf44f96155857965fcc02bf67192082013d916adb8f3a4d803f84d
SSDEEP

786432:3/QhjIAID00M4gBnQTKYQWW2MgsTbol4FTnW9OqHzTzXh1rVeNeLxjvHNRdWu:YOt00QQuYaWsonzXrrVFMu

Score

10^/10

lumma spyware stealer

Malware Config

Targets

- Target
  
  Ronawind Setup.exe
- Size
  
  49.7MB
- MD5
  
  ec7b0e057e7b4306b5112c8fea5de73c
- SHA1
  
  bfe3516d3c074bb3fc5c2cb6052b9917cfbf8f5c
- SHA256
  
  47a362a1189e07b9cff0f13504aa3e1c292c159dc4ea7d55d40ca4b4642a470d
- SHA512
  
  0978dcdb15d143c2395bc90bc454e1f889f2488f5631a7f7c85d47d016916a61a848b1b352d733603630bdd749804527fc2675d013f88f0c1055ce672e2a57d2
- SSDEEP
  
  786432:Up8ehJaImWlZuEl+zWxoISnYhspl78uiKplppa0o8SM2riBEnT0++G9O7L7:xWfRD2IwYhsHT57xo8SM2+OnvIv7
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer