lumma | 85dac40d1f4110209bf105eea8d2ff1d5a6ff8693d1cc368c6fad42cf15942da | Triage

Sharing

General

Target

Installer.zip
Size

15.4MB
Sample

240704-xndk7atdpm
MD5

84f9509d4d4c3689db698ee622daca3d
SHA1

f3291f7f48060f7add3a67b61fff2cfb7f9e2c1c
SHA256

85dac40d1f4110209bf105eea8d2ff1d5a6ff8693d1cc368c6fad42cf15942da
SHA512

cb4790e40677099525be1c3e0f9a72a9c1c58fbf6a5320bf5ea135a2619347884377242338b7fdde5c838a7ed1dda263e8b724115e5cab6166486b7250c2a95b
SSDEEP

393216:XcA9WL8GW/qjRjjT0qT3YNyNYZz7FDklJNO16YyM6XzeaFl85hB+yGG:XZ9dGWApTSzZP6l/O1yTFlufiG

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://stationacutwo.shop/api

Targets

- Target
  
  Installer/Installer.exe
- Size
  
  627KB
- MD5
  
  fb34d2867b0e9b76b7397308d06a1f99
- SHA1
  
  8f78602c6f94e37d411e2d93f609fc4d83fc6e7c
- SHA256
  
  3552f5481c4c102368def25f8836b823ff99f709637c1f4c2df05006d7bbe68e
- SHA512
  
  d3f99a78b93dba8d60f1ec2e5b60038a24ed9dccf9cf212e2d7e54cdcf5a240be418443efe7d6b6fe5550ff351bfc60076f6422c3f6746ffb0992c440ec2df1a
- SSDEEP
  
  12288:xSjzAHddkL4iiO2xqC+JuQDZMRRG5DUvYEOhIwC59VETELZ5rW2steZxSAQMirjE:xSjzA9dBD2I
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummaspywarestealer