lumma | 25acf2e334311187267e0e220e41f9ddf3765d0cf073e2d94a913177c36ed888 | Triage

Sharing

General

Target

signed.exe
Size

1.4MB
Sample

230720-q667wshd7x
MD5

ae903de744cdd6c554cf89ff6ee06517
SHA1

9484606f846a5127f53f3a4a0e71ecd125367e3f
SHA256

25acf2e334311187267e0e220e41f9ddf3765d0cf073e2d94a913177c36ed888
SHA512

9dfc0ab16d7cae6367d8f3cc1dd70aec5969f6dd6c26e537ebb6a6de04bf2acaf8e64aaba3e2dc02db3611b6045ae540397e2caeb0150c0b7ee32570db5bae0f
SSDEEP

24576:G4K5UNV516fjqzUqGovqll/Erlh8rG7aQPYRLt9iUzYLn:tV516fjqzDqlBeOrG7aQQKUzen

Score

10^/10

lumma spyware stealer

Malware Config

Targets

- Target
  
  signed.exe
- Size
  
  1.4MB
- MD5
  
  ae903de744cdd6c554cf89ff6ee06517
- SHA1
  
  9484606f846a5127f53f3a4a0e71ecd125367e3f
- SHA256
  
  25acf2e334311187267e0e220e41f9ddf3765d0cf073e2d94a913177c36ed888
- SHA512
  
  9dfc0ab16d7cae6367d8f3cc1dd70aec5969f6dd6c26e537ebb6a6de04bf2acaf8e64aaba3e2dc02db3611b6045ae540397e2caeb0150c0b7ee32570db5bae0f
- SSDEEP
  
  24576:G4K5UNV516fjqzUqGovqll/Erlh8rG7aQPYRLt9iUzYLn:tV516fjqzDqlBeOrG7aQQKUzen
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer