lumma | 3b51f5cb57c8c66d343fc1998d2df315ea84a76fafdd51b9f316cef2886f5d40 | Triage

Sharing

General

Target

setup.zip
Size

3.4MB
Sample

240705-q4rz7azaqk
MD5

56dff5ac6c8684da67332c80988acb72
SHA1

62050eb85d85071b1e8959e5d895c18accf4ce2b
SHA256

3b51f5cb57c8c66d343fc1998d2df315ea84a76fafdd51b9f316cef2886f5d40
SHA512

91faedfa8b1eedd7d60783e4659f67b6b3e71af70e3e170e9373fc60bfefba45a767058b495ca9707c654938361b23bd977ba48a9f473817765bee8610e6ada0
SSDEEP

98304:ycCGK8qp1EMUeqlKnGTZwtJeEioaEyeaIyGvtF:FKdp1ueqlPwtJbioaVeYQF

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://bannngwko.shop/api

Targets

- Target
  
  setup.exe
- Size
  
  12.5MB
- MD5
  
  0b7e6ef92b0cfa06d61ba19b250c3c7f
- SHA1
  
  1bfe28646c8b4e20e94926ea1987d64228095bfe
- SHA256
  
  15f779bef759b5566c409ab78d4fe244dc224c669cf3f67b0b93f89520261ae7
- SHA512
  
  2711d92c167ebbb060b2025062018ec67e4f39ed7783722b84ed145e32b7c1673341f993405070dea55ead256d38d6d97512d6087cb5685358f33fab4c906d2f
- SSDEEP
  
  49152:FLfQjGFDZLiY0JXPGgqbw++DwCJXfbS8nfoD3GZvv5dQux6hICgG7vAY6xEasrEW:DLuXO1+iGZvtzpspES6EIA4anfL
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummaspywarestealer