lumma | b78c9c6edd3756702be3d87df39dec7776e412bf4eb93a65c881f2e4a403afe6

General

Target

63dfcc398c3e2bc3fa0ff47386f41465.exe
Size

301KB
Sample

230716-h9vz2ach57
MD5

63dfcc398c3e2bc3fa0ff47386f41465
SHA1

23490cf34a4c3970c86cbbaed3dc671324e89856
SHA256

b78c9c6edd3756702be3d87df39dec7776e412bf4eb93a65c881f2e4a403afe6
SHA512

c264078c9c072bd03b72a00a3be24a5658b6285573999cfe81aa7f675699912a5281bf74272a86f3d44ca3f49a8ac33687f90aacd28171ee737ef4e1229cdb3e
SSDEEP

6144:cL5S1NG6IPg7BsXcmGICGJD0lWGqaVTDqGUPcMRsXK3su2:c01FII7BsXbSsG5VTDqGdKsXg

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

gstatic-node.io

Targets

- Target
  
  63dfcc398c3e2bc3fa0ff47386f41465.exe
- Size
  
  301KB
- MD5
  
  63dfcc398c3e2bc3fa0ff47386f41465
- SHA1
  
  23490cf34a4c3970c86cbbaed3dc671324e89856
- SHA256
  
  b78c9c6edd3756702be3d87df39dec7776e412bf4eb93a65c881f2e4a403afe6
- SHA512
  
  c264078c9c072bd03b72a00a3be24a5658b6285573999cfe81aa7f675699912a5281bf74272a86f3d44ca3f49a8ac33687f90aacd28171ee737ef4e1229cdb3e
- SSDEEP
  
  6144:cL5S1NG6IPg7BsXcmGICGJD0lWGqaVTDqGUPcMRsXK3su2:c01FII7BsXbSsG5VTDqGdKsXg
Score

10^/10

lumma discovery spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2