lumma | cbfc287e66b97d1c47dd11e81b188287e086c27cc4882e0ab9d5c6eef8d60c92 | Triage

Sharing

General

Target

!ŞetUp_51286--#PaSꞨKḙy#$$.rar
Size

2.4MB
Sample

240705-rf7leascpd
MD5

cb286bd6f53e218c44ff8ec3d0658195
SHA1

969e270bc59d47cde53f281c8a5396e5bbd4cff4
SHA256

cbfc287e66b97d1c47dd11e81b188287e086c27cc4882e0ab9d5c6eef8d60c92
SHA512

7d36d872037cb57537b6e879daa236eaf3d6d8441759c1c83fb66e1c933ed1d75df903c0f82c28c19851e889d18e8fd7e3d40cd7ce3a97b550a6c8cf3b0e625e
SSDEEP

49152:uTtxttv6w91Xo6B7uokgYgiIQGlTWHR6q+vpBQNvX7jld2atGvhij3HbABpQxL9k:EtxttvT91XokDaIQGIR6fvp+X75d2aSD

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://unwielldyzpwo.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  1.1MB
- MD5
  
  f975a2d83d63a473fa2fc5206b66bb79
- SHA1
  
  e49d21f112ab27ae0953aff30ae122440cf164b9
- SHA256
  
  6a2d3876003f6c68f824df4f0033564d8c230716908ba2e6c06ea1dd6d5f98e8
- SHA512
  
  4af4ce56bf131432d488ed112f8858c1e1392d013c6ac0603f2fd70ed513091e35854c0f678efeab7fa9a551517c6b9698f40a92729112de4b852fa3c0c69d64
- SSDEEP
  
  12288:IbCylcTVPbi7vT1K7n6HpVkg8KHIo5u0K1VmMxEnbuvuY2jTU+LHMA+nk2oG1ts:4lcTVPbikTMkg8KH/mmMxnvfphx8
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummaspywarestealer