lumma | 3bdc57e936012fc092277a2e3d719e4ef00d476198f13d1fff180b6c49f81a6d | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows10-ltsc 2021-x64

Setup.exe

windows11-21h2-x64

Sharing

General

Target

Setup.exe
Size

70.0MB
Sample

250102-2zttrsyqay
MD5

f12e87197e19cb59d8495f03cac277b2
SHA1

34eb2318335988399bc25702a0d557f8c3101f11
SHA256

3bdc57e936012fc092277a2e3d719e4ef00d476198f13d1fff180b6c49f81a6d
SHA512

eecbecbd873e24221ca28dfbbb9edb5b33853c5790e7ec8342e19e969f0077d9d2528a7c13b4e9f4e0b4386508a9efcc95fb9ff1d4744f45f84141f2838f2b68
SSDEEP

24576:cv29nUaE0Nkgh3hiC3zfJhS+bQfn+pVqo7VaLGL/23ry:ywnUCdhx9c/+pVlhaiCu

Score

10^/10

lumma discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10ltsc2021-20241211-fr

lumma discovery stealer

windows10-ltsc 2021-x64

20 signatures

300 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win11-20241007-fr

lumma discovery stealer

windows11-21h2-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  70.0MB
- MD5
  
  f12e87197e19cb59d8495f03cac277b2
- SHA1
  
  34eb2318335988399bc25702a0d557f8c3101f11
- SHA256
  
  3bdc57e936012fc092277a2e3d719e4ef00d476198f13d1fff180b6c49f81a6d
- SHA512
  
  eecbecbd873e24221ca28dfbbb9edb5b33853c5790e7ec8342e19e969f0077d9d2528a7c13b4e9f4e0b4386508a9efcc95fb9ff1d4744f45f84141f2838f2b68
- SSDEEP
  
  24576:cv29nUaE0Nkgh3hiC3zfJhS+bQfn+pVqo7VaLGL/23ry:ywnUCdhx9c/+pVlhaiCu
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

© 2018-2025

Terms | Privacy