lumma | 443aaac9259917f8116829fc36dbf0569034aad632777d9cc67200b32338cd84 | Triage

Sharing

General

Target

443aaac9259917f8116829fc36dbf0569034aad632777d9cc67200b32338cd84
Size

3.2MB
Sample

230721-qyspjaeh59
MD5

bdf59f927ef99ae5b7a45d8e3d05700f
SHA1

bb7724f28e1835b04e943e7ff6ad82b0fd8b8a7e
SHA256

443aaac9259917f8116829fc36dbf0569034aad632777d9cc67200b32338cd84
SHA512

7fdd428eb404e199569cbe4af4747fe6e068e44c448f70fc9fea02faedce05974903961a4679a7f473bfa84d08c8b2c0dee466d5870fe80d11fb6667f2e83cb1
SSDEEP

49152:lAZgWNUovSitGs0pXGimIricmNUDAiG1eAkvKUFOGZcApfiJoxF:lARUXgIiLiTlvKUsG2ApWoxF

Score

10^/10

lumma spyware stealer

Malware Config

Targets

- Target
  
  443aaac9259917f8116829fc36dbf0569034aad632777d9cc67200b32338cd84
- Size
  
  3.2MB
- MD5
  
  bdf59f927ef99ae5b7a45d8e3d05700f
- SHA1
  
  bb7724f28e1835b04e943e7ff6ad82b0fd8b8a7e
- SHA256
  
  443aaac9259917f8116829fc36dbf0569034aad632777d9cc67200b32338cd84
- SHA512
  
  7fdd428eb404e199569cbe4af4747fe6e068e44c448f70fc9fea02faedce05974903961a4679a7f473bfa84d08c8b2c0dee466d5870fe80d11fb6667f2e83cb1
- SSDEEP
  
  49152:lAZgWNUovSitGs0pXGimIricmNUDAiG1eAkvKUFOGZcApfiJoxF:lARUXgIiLiTlvKUsG2ApWoxF
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaspywarestealer