Extracted

• • Target

    Setup.exe

  • Size

    780.4MB

  • MD5

    65d41c54db9e06fea154cf2f61ef02f9

  • SHA1

    64bccbd2ab6d4b6ef54eae218356b761877c0bcf

  • SHA256

    aa68ff2a1f4cfd6c701c5b2e540dede1cb6a26db7f1ea0c6ea34b3ac48c69b54

  • SHA512

    0559cf6a3b68e94cdd5e4ecb14ea358fb3fa16ddc096c3d548935b9d8ffdbec13434aba108c9a7fdd12797c7cbc210e0c6430731102cd2576b7faf27392cacbd

  • SSDEEP

    98304:nxzHl6IRhexfKtQRIc9cUc9cUc9cUc9cUc9cUc9cUc9cUc9cUc9cUc9cUc9cUc9N:xpRMxfKtQE

  Score

  10^/10

  lummadiscoverystealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2