lumma | 56e07e3307b39cd0536005f7848995126510fc5c5f8112dd85a7eb59933279be | Triage

Submit
Reports

Overview

overview

Static

static

1

7fb411ee3e...0b.exe

windows7-x64

7fb411ee3e...0b.exe

windows10-2004-x64

Sharing

General

Target

a8001f151c1ce13aac56097a2bf1f789.bin
Size

1.9MB
Sample

230330-b6sl6scc2t
MD5

99a7d927f138943ed8d892bf782e2e61
SHA1

b39dc9ca4c5bce9e34fc31a6edd19cb5f93b4bff
SHA256

56e07e3307b39cd0536005f7848995126510fc5c5f8112dd85a7eb59933279be
SHA512

d6f40462f8581195d4bb44d27e289b6809387afea29f3d17c22fa186f72c23f0b58d514f81a66dbc3c015ac32352205bacce5d9057861a2e8005ee43a20e00c6
SSDEEP

49152:3pOG2yIrUjfYgXrRSsCYQVDsIYgxdL1xX5hKj3U+s4l/4:3p528jfYgVqYm59zL1xXKjE+s4l/4

Score

10^/10

lumma discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

7fb411ee3e34e4b79b372b7d2321bf69b46de30c3286edccb7621562caefb60b.exe

Resource

win7-20230220-en

lumma discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7fb411ee3e34e4b79b372b7d2321bf69b46de30c3286edccb7621562caefb60b.exe

Resource

win10v2004-20230220-en

lumma discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  7fb411ee3e34e4b79b372b7d2321bf69b46de30c3286edccb7621562caefb60b.exe
- Size
  
  3.9MB
- MD5
  
  a8001f151c1ce13aac56097a2bf1f789
- SHA1
  
  414d9f4219570bc75eb6e6cf2932c4fb407afa56
- SHA256
  
  7fb411ee3e34e4b79b372b7d2321bf69b46de30c3286edccb7621562caefb60b
- SHA512
  
  9c20f91c378d9559f6e5115857401def02145bb665a4c64f7842175b077bb6406544caa8197c9713f9b22943ffd87405beb809cf0e684c53b934acfe8d421060
- SSDEEP
  
  49152:ZHVpQMSWLLKUmQUSgYaNrb5c90DNQdjK/c0kCs:Z1pjSWL5
Score

10^/10

lumma discovery spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummadiscoveryspywarestealer

behavioral2

lummadiscoveryspywarestealer

© 2018-2024

Terms | Privacy