lumma | 0727ba01eded2fa07f3f2bbb00a8c18080b3227971d4701980bdfa33de9275b9 | Triage

Submit
Reports

Overview

overview

Static

static

3

crack wond...ck.exe

windows7-x64

7

crack wond...ck.exe

windows10-2004-x64

Sharing

General

Target

0727ba01eded2fa07f3f2bbb00a8c18080b3227971d4701980bdfa33de9275b9.zip
Size

13.5MB
Sample

250107-ag36yaxjgl
MD5

72a206c6f443c6bf811f3426ca5969d6
SHA1

cbf4b1bfbf635eae3b022cb7b9d7ea7e03e0565e
SHA256

0727ba01eded2fa07f3f2bbb00a8c18080b3227971d4701980bdfa33de9275b9
SHA512

3ad9b5722b838e2ca65f9a7c9996f95f7594992bbf6d1d5fb543b01c59c1edc32f29690ac40cb1e055620b3f3b2ef95b928f806899923d610c726a7def095f9b
SSDEEP

393216:BacYKguWwoWWt1/FwP/o01eR/erOqQlG4HJy1FO5LD:qKCFwnGR/eqqX4QmD

Score

10^/10

lumma discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

crack wondershare dr.fone toolkit for pc 15.9.10.95 full crack.exe

Resource

win7-20240903-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

crack wondershare dr.fone toolkit for pc 15.9.10.95 full crack.exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://detailshaeje.cfd/api

Targets

- Target
  
  crack wondershare dr.fone toolkit for pc 15.9.10.95 full crack.exe
- Size
  
  807.2MB
- MD5
  
  91ea85045bed32320ebc43dc0398afa1
- SHA1
  
  9b7e8c769adcdd372006f0c89c869f7c49935218
- SHA256
  
  40ff158b6248f773708b4c57d2a5e84f04dcb6eeec667c46569564b8b3e0f13d
- SHA512
  
  98628e802375c65533a8ac33d87ef73241408a6de6693946b554eaabbb919aa289e38a4703f002f686f31e3208b0f70bf6cfd6fb645d190c6ef4cd813ec436ab
- SSDEEP
  
  196608:26l95am32MjAw+rqqP47AMJicPHUqCA4liQ2nf0R5e6o/Zg68SfJgZA4E/c5lh+y:jUxMBhTQMOOWf+/0x4J
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer

© 2018-2025

Terms | Privacy