lumma | 116dde572e8f5a226db39e4dfada33db7ac454017496c4cb215242bdeb96bf50 | Triage

Resubmissions

17-04-2023 11:32

230417-nnjb1afe8t 10

29-03-2023 16:31

230329-t1wqraaf7z 10

Sharing

General

Target

TBMSetup.zip
Size

49.6MB
Sample

230329-t1wqraaf7z
MD5

dc210de60794e4dbf831bf489b197393
SHA1

3293515cf0bd7c6265267f8bc61394b3a7d3515b
SHA256

116dde572e8f5a226db39e4dfada33db7ac454017496c4cb215242bdeb96bf50
SHA512

ef7f9e6cf0257b8460656fa1eec55c1bf4219d9fba88ace5085c465f8ea08bf616870ce8e026cde7378bdb3813968f31679ebd482fb0a7a7ebf55dc3528de3cc
SSDEEP

1572864:PvXs2vSkD9i/O6GWE/D5C4p2tZ5AtKibQ7:37vRi/OiUvf1bQ7

Score

10^/10

lumma spyware stealer

Malware Config

Targets

- Target
  
  TBMSetup.exe
- Size
  
  49.7MB
- MD5
  
  0b9d7f87af8f634c59647aa7622aa08a
- SHA1
  
  e8f6ef5cb9f7ce9e6e0b6045df84e86b618de2a0
- SHA256
  
  3179ecd81c25dc7ceb0e66e0525b31826509398cf98a1302d829d1832d38dbb1
- SHA512
  
  346ec51625e3562614bbc446429144d2fff7417f42440ec3708f61a226f1cfd17eee084a629225e47e942467fc61b89f1732196657b0556d2fc65ffa8bcd4d5f
- SSDEEP
  
  1572864:dm8+bh8WfRD2IwYhsHT57xo8SM2+OzHI1Id7:d6SmJbZET5FzS7xo147
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer