lumma | 538c15e2ef697a6df0e325be5536e0e7c88f1faf9cbd583cd054f43282a1ba85 | Triage

Sharing

General

Target

file.exe
Size

2.4MB
Sample

230713-sbkrhsaa6s
MD5

2f1c7433a00d30601e7c917054410f18
SHA1

77b00246cb930221bed6240a8ee54108831b3817
SHA256

538c15e2ef697a6df0e325be5536e0e7c88f1faf9cbd583cd054f43282a1ba85
SHA512

ad0c508a0f858ff5c263bd1077bebaf1cb77b2e8edc89bed00e6c49ef0f8f08d7a37fdd05c16a7896270b00a298b2b75e5cedd533ecf42afe19ea86f73ac403a
SSDEEP

49152:GCWafkAugEDgzEApyWBO1qymUVUtPcmcwd:LV5EDK/kqyZVUtPcb4

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

gstatic-node.io

Targets

- Target
  
  file.exe
- Size
  
  2.4MB
- MD5
  
  2f1c7433a00d30601e7c917054410f18
- SHA1
  
  77b00246cb930221bed6240a8ee54108831b3817
- SHA256
  
  538c15e2ef697a6df0e325be5536e0e7c88f1faf9cbd583cd054f43282a1ba85
- SHA512
  
  ad0c508a0f858ff5c263bd1077bebaf1cb77b2e8edc89bed00e6c49ef0f8f08d7a37fdd05c16a7896270b00a298b2b75e5cedd533ecf42afe19ea86f73ac403a
- SSDEEP
  
  49152:GCWafkAugEDgzEApyWBO1qymUVUtPcmcwd:LV5EDK/kqyZVUtPcb4
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer