lumma | c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1 | Triage

Submit
Reports

Overview

overview

Static

static

3

c002664469...c1.exe

windows7-x64

c002664469...c1.exe

windows10-2004-x64

Sharing

General

Target

c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe
Size

14.4MB
Sample

250110-rf7leawmfw
MD5

191294c00be02e5bf0807dc1cf52c53a
SHA1

5dbfe490dcc65b2107f9bc0461c9e6767463795a
SHA256

c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1
SHA512

7bbefd4dc19290e454e3f4b08eb5f7faf904639a441d96f74c3973db0302a240192e31cf55c3939c7a70e024199754f084eb68a2ecccc0aea803da6a46025bdc
SSDEEP

393216:8ZnXkkkXBPkVr/zc5Vk1LJG9+ydIaxbDdVUD5:8ZXJqkVr/zc521LJG9+ydIIbhGD5

Score

10^/10

lumma discovery evasion stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe

Resource

win7-20240903-en

lumma discovery evasion stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://p3ar11fter.sbs/api

https://3xp3cts1aim.sbs/api

https://owner-vacat10n.sbs/api

https://peepburry828.sbs/api

https://p10tgrace.sbs/api

https://befall-sm0ker.sbs/api

https://librari-night.sbs/api

https://processhol.sbs/api

https://cashju1cyh0.cyou/api

Targets

- Target
  
  c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1.exe
- Size
  
  14.4MB
- MD5
  
  191294c00be02e5bf0807dc1cf52c53a
- SHA1
  
  5dbfe490dcc65b2107f9bc0461c9e6767463795a
- SHA256
  
  c002664469a48ede06c57b592a27b496bfc3cccb75e3fa468d4b3cf562563fc1
- SHA512
  
  7bbefd4dc19290e454e3f4b08eb5f7faf904639a441d96f74c3973db0302a240192e31cf55c3939c7a70e024199754f084eb68a2ecccc0aea803da6a46025bdc
- SSDEEP
  
  393216:8ZnXkkkXBPkVr/zc5Vk1LJG9+ydIaxbDdVUD5:8ZXJqkVr/zc521LJG9+ydIIbhGD5
Score

10^/10

lumma discovery evasion stealer trojan
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionstealertrojan

behavioral2

lummadiscoverystealer

© 2018-2025

Terms | Privacy