lumma | 167392b1da683af9a9e24f60f7adf02594bdff5cb8aa211f9a9ce22b55a128a0 | Triage

Sharing

General

Target

3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.zip
Size

232KB
Sample

240402-l9frwseh79
MD5

9e1576a7b4f01dfd1838e09b15d2081d
SHA1

69d7ca7b24a4a89e92caba19ca815c11fd7645dd
SHA256

167392b1da683af9a9e24f60f7adf02594bdff5cb8aa211f9a9ce22b55a128a0
SHA512

b13f71d1d0057861eec161c621d7594fd988134893b0a5d52a4780201f4b92b12ffdb77d9f9cd9642f14a1125db6ebc2b251876837f74716c3d1d9c5dfd07ea6
SSDEEP

6144:9Gj5TJqFbazfTWIMCgbIGZt4N4tYCHTNTCFo6bMvX:9GjL+b8yI1GZ2N4tTTcPYv

Score

10^/10

lumma discovery spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://wagonglidemonkywo.shop/api

Targets

- Target
  
  3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.exe
- Size
  
  319KB
- MD5
  
  30732747ca33bd37a757c90aada0c604
- SHA1
  
  b175606037f75bc349b5221aa999334d961c471b
- SHA256
  
  3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047
- SHA512
  
  a672d0d573a3cb2fcb06db975ae3d34ae820f7c14c8e6ce24a1d63da511ff7bb3aaeb331026441729e3def6a9625e444b36e6b2a7d76072ebf08a6e5416980a1
- SSDEEP
  
  6144:DuTgT9kw0NZk9gAGkgAcYjd56miof1AjoM0kkrBS9F:JTKw4ZWg6cYjd55ih8RkkrAF
Score

10^/10

lumma discovery spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoveryspywarestealer