lumma | 6c5cff00451680070af8daca0a59ee6a6f467f6b3152f60de6cec6cdcb9cf601 | Triage

Sharing

General

Target

6c5cff00451680070af8daca0a59ee6a6f467f6b3152f60de6cec6cdcb9cf601
Size

2.0MB
Sample

230527-18vxradg2z
MD5

433dbed8a7afbf15bfee967c63a50769
SHA1

858e1279c2f6a47051eb963012099d11d60a881d
SHA256

6c5cff00451680070af8daca0a59ee6a6f467f6b3152f60de6cec6cdcb9cf601
SHA512

06c6af80a5ccc79bcabc64c217289eb3aeaca0fddbe9f1bd60de9927690a77dfd850edcfe0a1f2523e10f0074ae8bcb61076a9feb38d0113d38aff0121a36c4e
SSDEEP

12288:8+GMPjZBXBlm7PRfbjn9pmhpeXN9wqdOlt:VP7QPRz/mhpK4

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

185.99.133.246

Targets

- Target
  
  6c5cff00451680070af8daca0a59ee6a6f467f6b3152f60de6cec6cdcb9cf601
- Size
  
  2.0MB
- MD5
  
  433dbed8a7afbf15bfee967c63a50769
- SHA1
  
  858e1279c2f6a47051eb963012099d11d60a881d
- SHA256
  
  6c5cff00451680070af8daca0a59ee6a6f467f6b3152f60de6cec6cdcb9cf601
- SHA512
  
  06c6af80a5ccc79bcabc64c217289eb3aeaca0fddbe9f1bd60de9927690a77dfd850edcfe0a1f2523e10f0074ae8bcb61076a9feb38d0113d38aff0121a36c4e
- SSDEEP
  
  12288:8+GMPjZBXBlm7PRfbjn9pmhpeXN9wqdOlt:VP7QPRz/mhpK4
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer