lumma | e03518acef8a2fecee311fac04e11943e8b219815f02224a4ae30d5ecccf0f90 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

crypted.exe

windows10-1703-x64

crypted.exe

windows7-x64

3

crypted.exe

windows11-21h2-x64

5

Sharing

General

Target

crypted.exe
Size

519KB
Sample

240526-174s9sfa38
MD5

1b1c7e6e96667a6a758b22d444de57a7
SHA1

3eafd122d0814ee5aeb35a9bce975805a8cf6744
SHA256

e03518acef8a2fecee311fac04e11943e8b219815f02224a4ae30d5ecccf0f90
SHA512

2ed665526ec20b8c3d8a6854e25bcf44755e4bfd8f34b3770c3694e4b9cd8b2ad85d130830cb298aa18521f30038ef47e5d93225a5eb14039670f5ef626f91f7
SSDEEP

12288:ar9mi27cWO4AEcI9cCHEAJtv9QXmuP16k:6mfemcCflO1

Score

10^/10

lumma stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

crypted.exe

Resource

win10-20240404-en

windows10-1703-x64

21 signatures

300 seconds

Behavioral task

behavioral2

Sample

crypted.exe

Resource

win7-20240508-en

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral3

Sample

crypted.exe

Resource

win11-20240508-en

windows11-21h2-x64

2 signatures

300 seconds

Malware Config

Extracted

Family

lumma

C2

https://employhabragaomlsp.shop/api

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Targets

- Target
  
  crypted.exe
- Size
  
  519KB
- MD5
  
  1b1c7e6e96667a6a758b22d444de57a7
- SHA1
  
  3eafd122d0814ee5aeb35a9bce975805a8cf6744
- SHA256
  
  e03518acef8a2fecee311fac04e11943e8b219815f02224a4ae30d5ecccf0f90
- SHA512
  
  2ed665526ec20b8c3d8a6854e25bcf44755e4bfd8f34b3770c3694e4b9cd8b2ad85d130830cb298aa18521f30038ef47e5d93225a5eb14039670f5ef626f91f7
- SSDEEP
  
  12288:ar9mi27cWO4AEcI9cCHEAJtv9QXmuP16k:6mfemcCflO1
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2025

Terms | Privacy