lumma | 8059343dd1bd2043009e81a54115ea921ebe7467c35ac05c43e6acd013eec085 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

2.3MB
Sample

230521-bjcx7sfe58
MD5

bdbc48b665a422c5845109cc594536a6
SHA1

a3e7b4c35d31f0479af9be082b85910cf1e68fa6
SHA256

8059343dd1bd2043009e81a54115ea921ebe7467c35ac05c43e6acd013eec085
SHA512

39c22e0a4864f3665d692343799160413ee6ed51e6e6a62c0c7da1cf7de46c5b057fce9826d69bb6044b9171700de75cc639be0da1e75a824a2c0ccc1735657f
SSDEEP

49152:d53xYNqUy45WgWBJNf8UVYfVRgQyPbuQ7ROwYkP8iEhy5PntI/:d1uNjWfTNfNEa5TzRH8kxnt0

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

195.123.227.138

Targets

- Target
  
  file.exe
- Size
  
  2.3MB
- MD5
  
  bdbc48b665a422c5845109cc594536a6
- SHA1
  
  a3e7b4c35d31f0479af9be082b85910cf1e68fa6
- SHA256
  
  8059343dd1bd2043009e81a54115ea921ebe7467c35ac05c43e6acd013eec085
- SHA512
  
  39c22e0a4864f3665d692343799160413ee6ed51e6e6a62c0c7da1cf7de46c5b057fce9826d69bb6044b9171700de75cc639be0da1e75a824a2c0ccc1735657f
- SSDEEP
  
  49152:d53xYNqUy45WgWBJNf8UVYfVRgQyPbuQ7ROwYkP8iEhy5PntI/:d1uNjWfTNfNEa5TzRH8kxnt0
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummaspywarestealer