lumma | 7246aefd7681d59bc981afbece29efbe31ce1aabac8c3ee6d74a4e52afcda468 | Triage

Submit
Reports

Overview

overview

Static

static

1

RMS.7.1.7....nt.msi

windows7-x64

RMS.7.1.7....nt.msi

windows10-2004-x64

RMS.7.1.7....nt.msi

windows11-21h2-x64

6

Sharing

General

Target

RMS.7.1.7.0_configured_client.msi
Size

21.5MB
Sample

241123-pan6rsvjc1
MD5

282e49971af85d26fcc453c1604dbca2
SHA1

e2fa2c353891cd1782d0237a65d86bd4ad9e811c
SHA256

7246aefd7681d59bc981afbece29efbe31ce1aabac8c3ee6d74a4e52afcda468
SHA512

486be3d725bf9828521fd883033eb1ee9c2b5cc3faee0bf8cab829deccff70c6510f92088876193ba7d3249390a4e0c166cf07850917a8fe2c1e5845a5e83705
SSDEEP

393216:p4HnfylxIDItISQ3f5W4YyGIi8224pPwpd0YDW0J9pd88lVpA:p4HaYkITCyGH822UoDW0e

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

RMS.7.1.7.0_configured_client.msi

Resource

win7-20241010-en

lumma discovery persistence privilege_escalation stealer

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

RMS.7.1.7.0_configured_client.msi

Resource

win10v2004-20241007-en

lumma discovery persistence privilege_escalation stealer

windows10-2004-x64

24 signatures

150 seconds

Behavioral task

behavioral3

Sample

RMS.7.1.7.0_configured_client.msi

Resource

win11-20241007-en

discovery persistence privilege_escalation

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  RMS.7.1.7.0_configured_client.msi
- Size
  
  21.5MB
- MD5
  
  282e49971af85d26fcc453c1604dbca2
- SHA1
  
  e2fa2c353891cd1782d0237a65d86bd4ad9e811c
- SHA256
  
  7246aefd7681d59bc981afbece29efbe31ce1aabac8c3ee6d74a4e52afcda468
- SHA512
  
  486be3d725bf9828521fd883033eb1ee9c2b5cc3faee0bf8cab829deccff70c6510f92088876193ba7d3249390a4e0c166cf07850917a8fe2c1e5845a5e83705
- SSDEEP
  
  393216:p4HnfylxIDItISQ3f5W4YyGIi8224pPwpd0YDW0J9pd88lVpA:p4HaYkITCyGH822UoDW0e
Score

10^/10

lumma discovery persistence privilege_escalation stealer
- Detect Lumma Stealer payload V2
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverypersistenceprivilege_escalationstealer

behavioral2

lummadiscoverypersistenceprivilege_escalationstealer

behavioral3

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy