lumma | 5c180cd34694c91bc7f4ecaf67d4f462f10254d190d181e02a2a2a7e03d44204 | Triage

Sharing

General

Target

C4A17DBA.exe
Size

755KB
Sample

230716-yaastage56
MD5

b0517305850d5be8e02a648bb90a3c6d
SHA1

24e75c0ea6b07fd3c4e03c6661ed911632f3e784
SHA256

5c180cd34694c91bc7f4ecaf67d4f462f10254d190d181e02a2a2a7e03d44204
SHA512

17207aec32a872ad024fb2c67e272830454ca69b095c8b43a1db46c842c6e8530b10a3cc9f1c4d596757949d8a2c448bae44d058f614f037cbf93cb036ca26af
SSDEEP

12288:IsjWYqfNTYmessZerchdW7lRA3aDloJZsjudEDT26qh+kB:IsjWYGYnZQchI83mlamGv6a

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

gstatic-node.io

Targets

- Target
  
  C4A17DBA.exe
- Size
  
  755KB
- MD5
  
  b0517305850d5be8e02a648bb90a3c6d
- SHA1
  
  24e75c0ea6b07fd3c4e03c6661ed911632f3e784
- SHA256
  
  5c180cd34694c91bc7f4ecaf67d4f462f10254d190d181e02a2a2a7e03d44204
- SHA512
  
  17207aec32a872ad024fb2c67e272830454ca69b095c8b43a1db46c842c6e8530b10a3cc9f1c4d596757949d8a2c448bae44d058f614f037cbf93cb036ca26af
- SSDEEP
  
  12288:IsjWYqfNTYmessZerchdW7lRA3aDloJZsjudEDT26qh+kB:IsjWYGYnZQchI83mlamGv6a
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer