lumma | fc85332e63607e30e7a83be0a2ccbdba4963c9eba61b1926c2beadd384d59d49 | Triage

Submit
Reports

Overview

overview

Static

static

1

minesrunner.exe

windows7-x64

minesrunner.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

minesrunner.exe.bin
Size

64.0MB
Sample

230501-ykfrtagb58
MD5

f934b2f949106109c2807115978f889a
SHA1

24847ed82ab8d1047e8ea11dbfdb187d52ed13a8
SHA256

fc85332e63607e30e7a83be0a2ccbdba4963c9eba61b1926c2beadd384d59d49
SHA512

d4aea44d3410b5c1241995e65b430e8b497ce018f3f7b083826cca2eeba40289a15c06849201ef7ead314b2d8e1c9e9f5a3dbee160ee8843cb862f02f601e4bb
SSDEEP

1572864:BjddrbW7aykqEeYFGGGz7PRFWTcDJGKJDh1248W:RfW5KeaGGGfjWTcwKMW

Score

10^/10

lumma redline infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

minesrunner.exe

Resource

win7-20230220-en

lumma redline infostealer stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

minesrunner.exe

Resource

win10v2004-20230220-en

lumma redline infostealer spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  minesrunner.exe.bin
- Size
  
  64.0MB
- MD5
  
  f934b2f949106109c2807115978f889a
- SHA1
  
  24847ed82ab8d1047e8ea11dbfdb187d52ed13a8
- SHA256
  
  fc85332e63607e30e7a83be0a2ccbdba4963c9eba61b1926c2beadd384d59d49
- SHA512
  
  d4aea44d3410b5c1241995e65b430e8b497ce018f3f7b083826cca2eeba40289a15c06849201ef7ead314b2d8e1c9e9f5a3dbee160ee8843cb862f02f601e4bb
- SSDEEP
  
  1572864:BjddrbW7aykqEeYFGGGz7PRFWTcDJGKJDh1248W:RfW5KeaGGGfjWTcwKMW
Score

10^/10

lumma redline infostealer stealer spyware
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaredlineinfostealerstealer

behavioral2

lummaredlineinfostealerspywarestealer

© 2018-2025

Terms | Privacy