Extracted

• • Target

    d422626abd6f10fabbf6053e49c273129587843f49802b7f2123fa3907488fbf.exe

  • Size

    2.5MB

  • MD5

    3c183fbdc12ad0c81f49430831397ee1

  • SHA1

    1a156eca31ac583bf1b94fdf3e5b13e12132fd8f

  • SHA256

    d422626abd6f10fabbf6053e49c273129587843f49802b7f2123fa3907488fbf

  • SHA512

    9a967699b90151129c50b0b9ff2344c4f3c84bda805fbfdfe15c6c44ea814c40ea0bfe39b43f8cfc1c7c5937534ac63e9744e78f12bed60b31147b6124a263ce

  • SSDEEP

    49152:eQFprsWGIHAxqOx6V8KG0b1yMGgxqOx6V8KG0b1yMG:eKprsWTFOsKsnGFOsKsnG

  Score

  10^/10

  discoverylummastealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2