lumma | 86a046300c03712f3d07e9c0e50369937b77a7e8183f3e40574da5de7fc5ce6e | Triage

Sharing

General

Target

levelcomputer.exe
Size

192.4MB
Sample

230825-tma7wsfc8y
MD5

760e4dfcad56f67f80ec4b2def63de69
SHA1

0af7b525ac681f37e6e2d80864a5884d1ff76711
SHA256

86a046300c03712f3d07e9c0e50369937b77a7e8183f3e40574da5de7fc5ce6e
SHA512

bdfeb7e1ce7dc861c853708675024f16ef301081f1cb1e8dc31d7f772d8950984b13e973fbbf1d5ca9b10a28b3e8d6de4da5ef33a6f729be462d2d7119acc705
SSDEEP

6291456:RwNK18un4nZCbavGsedutVPsHdPa1UlcF:6NK6tZ6avyutVmd0U

Score

10^/10

lumma persistence stealer

Malware Config

Targets

- Target
  
  levelcomputer.exe
- Size
  
  192.4MB
- MD5
  
  760e4dfcad56f67f80ec4b2def63de69
- SHA1
  
  0af7b525ac681f37e6e2d80864a5884d1ff76711
- SHA256
  
  86a046300c03712f3d07e9c0e50369937b77a7e8183f3e40574da5de7fc5ce6e
- SHA512
  
  bdfeb7e1ce7dc861c853708675024f16ef301081f1cb1e8dc31d7f772d8950984b13e973fbbf1d5ca9b10a28b3e8d6de4da5ef33a6f729be462d2d7119acc705
- SSDEEP
  
  6291456:RwNK18un4nZCbavGsedutVPsHdPa1UlcF:6NK6tZ6avyutVmd0U
Score

10^/10

persistence lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

lummapersistencestealer

behavioral3

lummapersistencestealer