lumma | 0914e92d15507742da4feef71b1b21230138b450e334855cd980f46b394c4f71 | Triage

Sharing

General

Target

file.exe
Size

9.9MB
Sample

240709-dvrlvawcqc
MD5

1f1f4fe201d22d5a3780966ed7244fea
SHA1

176268a77d1496ae64d97467887c494e08dd57a8
SHA256

0914e92d15507742da4feef71b1b21230138b450e334855cd980f46b394c4f71
SHA512

eeec7d6faaad7be0d02e6a7068dd2e667790fa45c1aa80cb23ff497595010a8766601b93a2a93ac3b2943a098090a2515e9b729e1de94d9247b1b40f0d057317
SSDEEP

98304:DFyisqTCKL5RhT3cyQBpU6nEU8/m5xLg:kWjLpjcyQLU6EU

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://radiationnopp.shop/api

Targets

- Target
  
  file.exe
- Size
  
  9.9MB
- MD5
  
  1f1f4fe201d22d5a3780966ed7244fea
- SHA1
  
  176268a77d1496ae64d97467887c494e08dd57a8
- SHA256
  
  0914e92d15507742da4feef71b1b21230138b450e334855cd980f46b394c4f71
- SHA512
  
  eeec7d6faaad7be0d02e6a7068dd2e667790fa45c1aa80cb23ff497595010a8766601b93a2a93ac3b2943a098090a2515e9b729e1de94d9247b1b40f0d057317
- SSDEEP
  
  98304:DFyisqTCKL5RhT3cyQBpU6nEU8/m5xLg:kWjLpjcyQLU6EU
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummaspywarestealer