lumma | df0de6f581fff0ddc9972190887715c30433bc08f4fdd3fbbe7cbfc0a0f9af9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

2.0MB
Sample

230702-vwz32sdd51
MD5

51a84a10ff8470817143bf75b437cf40
SHA1

81e295b0c89ce4c638343042dce4827449973d64
SHA256

df0de6f581fff0ddc9972190887715c30433bc08f4fdd3fbbe7cbfc0a0f9af9a
SHA512

9fe0c2599805cd1b315b104315a874685b63fad030186e10a03feb3fffe054bc59ea6335db84875a54d7031afd8619e85b7dd9b2be02d58179f3d7c7456fd8aa
SSDEEP

24576:k+GdzBbnH2+MqwZ7ZWDTnEvYDB020/JDD6h0Hf5OO0ii0XPtUTIk9qQHk:kbd9LWtqwZFO4mBwVDtfBHG/E

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

gservice-node.io

Targets

- Target
  
  file.exe
- Size
  
  2.0MB
- MD5
  
  51a84a10ff8470817143bf75b437cf40
- SHA1
  
  81e295b0c89ce4c638343042dce4827449973d64
- SHA256
  
  df0de6f581fff0ddc9972190887715c30433bc08f4fdd3fbbe7cbfc0a0f9af9a
- SHA512
  
  9fe0c2599805cd1b315b104315a874685b63fad030186e10a03feb3fffe054bc59ea6335db84875a54d7031afd8619e85b7dd9b2be02d58179f3d7c7456fd8aa
- SSDEEP
  
  24576:k+GdzBbnH2+MqwZ7ZWDTnEvYDB020/JDD6h0Hf5OO0ii0XPtUTIk9qQHk:kbd9LWtqwZFO4mBwVDtfBHG/E
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer