General

  • Target

    Eclipsе.zip

  • Size

    18.9MB

  • Sample

    241230-b71deatnbw

  • MD5

    e7c0d076502f074c70c78465bffccb72

  • SHA1

    2785ae9ea0662184bebf8132dccbfac4d277e845

  • SHA256

    48bb56a44a813810a6465aaef162f304a167b8ead478f625c29c19c0f071f130

  • SHA512

    9397a938410ab6ed759a073124eb8fc08751adcafbb58e810b66f56d5db91ba87360b883f69b7c8bdc46eb95de2a75ed7433a6f33603853efe7dfa12eeb7cb0b

  • SSDEEP

    393216:QK71T6i8lbHsbXdT95s0l4OsEQiS4RagjYUl7/wGyodpSQsznU+HWLsyDyF/B9C8:QRlQdR5Rlx84RaIVl7zDdwzn92LKB+kb

Malware Config

Extracted

  • Family

    lumma

Targets

    • Target

      Eclipsе.zip

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks