lumma | 00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938
Size

10.7MB
Sample

240328-17d8lsaf94
MD5

0e758ce9675d69f18992143f069d4ed0
SHA1

1f6ffbd4a697a8a14c765285e321f5682855fa73
SHA256

00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938
SHA512

e497978142607534f1c827460a002fca249b02c5a1db14199aec1d59ea96670c1b5cc05554a5bb60e6a6a529f20f0d04de35f536e6402d45cce5e9a3ec4c3601
SSDEEP

49152:Fs4VosV2JHdvJmDzrYPaCGUpmZqcIN9UROZtdBvAMDp58uPFmpfiF8N8HV5A+ZjG:CO2JHrbPa6MvODd5kuIc0EdZ4EMW

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://unhappytidydryypwto.shop/api

Targets

- Target
  
  00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938
- Size
  
  10.7MB
- MD5
  
  0e758ce9675d69f18992143f069d4ed0
- SHA1
  
  1f6ffbd4a697a8a14c765285e321f5682855fa73
- SHA256
  
  00b09c61f9415e65978b3ea196f12cbc9b13e3dc375dc2a28ec27516db91e938
- SHA512
  
  e497978142607534f1c827460a002fca249b02c5a1db14199aec1d59ea96670c1b5cc05554a5bb60e6a6a529f20f0d04de35f536e6402d45cce5e9a3ec4c3601
- SSDEEP
  
  49152:Fs4VosV2JHdvJmDzrYPaCGUpmZqcIN9UROZtdBvAMDp58uPFmpfiF8N8HV5A+ZjG:CO2JHrbPa6MvODd5kuIc0EdZ4EMW
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummaspywarestealer