lumma | 671cc9e1189a0b67fb5ec59c8538865b91038021eac747e4d3db0ed13790549c | Triage

Resubmissions

14-05-2023 07:35

230514-jer6bsdd61 10

01-04-2023 07:48

230401-jm77hsgg63 10

Sharing

General

Target

Full-Best_version.zip
Size

5.9MB
Sample

230514-jer6bsdd61
MD5

ca4d02a99b0ecf2343f0f4b3248f26e7
SHA1

419a4e894b0db65980ed6fe2b5f766eb4a0a5bb3
SHA256

671cc9e1189a0b67fb5ec59c8538865b91038021eac747e4d3db0ed13790549c
SHA512

fcc3683b740039aecba0802641c7adc5d8ab8960a24b0758353834db53452c1311dd2d45ee87d121ac483a244cec182b4ef76ea89ad7bf2239694258ace92391
SSDEEP

98304:duhx+eGVwmJxn1iBB8mkgbdn96+SFCGOX+EMg9YpJNoz7WFHWQZRKEiR+n:dMsdVJ/kgqZMuXMg9AJuzfQZUJq

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

82.117.255.127

Targets

- Target
  
  Full-Best_version/Full-Best_version.exe
- Size
  
  688.2MB
- MD5
  
  4af00a6726258091519a23c663f3b5c5
- SHA1
  
  4b68a3f48b1358f5f6506295a908ac664fbe005b
- SHA256
  
  6167c27834aefe5443ba3fc65a9deaea4229873d2b8a8e3b749eeccd1ca61166
- SHA512
  
  0d8325a87497b4ff5fe8aa3408027f1727730ed75079a074b89fc2d74d09a095c6dabd02f204e6441a4fd18c4483e848df25ece8dbe0191cd2949c22930c285b
- SSDEEP
  
  24576:uemoKVciD2JhGtClhWL5pR1MUEMQa6tbzae6DgTXuQ5gurgaBPe4qdlTh7bmtVXP:uemVuY1+GYPc472Q
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer