General

  • Target

    Upd_156_983_15.msi

  • Size

    1.3MB

  • Sample

    250114-xqk32swmdx

  • MD5

    0cd2b95df897bd2037edff092699e169

  • SHA1

    18c5d3394d9260c2641e06a58847b7a2818b8174

  • SHA256

    3e50b308a6366677b3fed9579f8f13dc721ae30b1534591c0ce5e083c1923a9f

  • SHA512

    b3015d2beb30d841f0fc1a46baf7b56664c23e10538b519b791d9cc9fc86602811d52eb328c3d7e0832d5dece0019e01985e0e97a63037217574e475f93c95b1

  • SSDEEP

    24576:3z+Xe8tCex83Si8UCROEYG3VKcoBR9RXawxz6X3pvtL7rPVU6fB6bAogJQOVe:3D8tCq83KFROEUcoBRqwxMpvt/rPVRB8

Malware Config

Extracted

Family

lumma

C2

https://handlequarte.shop/api

Targets

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks