lumma | e059283e5f151568f61075b4aee88996991b130cc31be433ecc0738b99607fb8 | Triage

Sharing

General

Target

2f1c7433a00d30601e7c917054410f18.bin
Size

1.6MB
Sample

230715-bn8wfagf44
MD5

c3cd5e8afa816a9bd0bce17353676c9f
SHA1

38b94dcf4b0c9ace5c3c1f7bad20ef5d4461b5b1
SHA256

e059283e5f151568f61075b4aee88996991b130cc31be433ecc0738b99607fb8
SHA512

75614c6d4af71d14747d91e0f9826923bb7393535570d00ff83eaac5640e3f38eeb0bf6839db9ca86f61e01012739813a9a55627720180584b113e9a3b24e4f1
SSDEEP

49152:CJfSkTwxx2hH1DmzhP/NZh9eN/fkt7h9aw5qyG12V7:YzTwT2pBuThgN/fkt7h9awbB7

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

gstatic-node.io

Targets

- Target
  
  538c15e2ef697a6df0e325be5536e0e7c88f1faf9cbd583cd054f43282a1ba85.exe
- Size
  
  2.4MB
- MD5
  
  2f1c7433a00d30601e7c917054410f18
- SHA1
  
  77b00246cb930221bed6240a8ee54108831b3817
- SHA256
  
  538c15e2ef697a6df0e325be5536e0e7c88f1faf9cbd583cd054f43282a1ba85
- SHA512
  
  ad0c508a0f858ff5c263bd1077bebaf1cb77b2e8edc89bed00e6c49ef0f8f08d7a37fdd05c16a7896270b00a298b2b75e5cedd533ecf42afe19ea86f73ac403a
- SSDEEP
  
  49152:GCWafkAugEDgzEApyWBO1qymUVUtPcmcwd:LV5EDK/kqyZVUtPcb4
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer