lumma | 7de65436f8f2c64984893abe62006fb7705efacaae538cd5fbee80e018173e97 | Triage

Submit
Reports

Overview

overview

Static

static

3

7de65436f8...97.exe

windows7-x64

7de65436f8...97.exe

windows10-2004-x64

Sharing

General

Target

7de65436f8f2c64984893abe62006fb7705efacaae538cd5fbee80e018173e97.exe
Size

24.1MB
Sample

250117-mvh45svkhq
MD5

8b98d4df7915f31157e2d83d16b1161f
SHA1

5b5da1fcaa7c6d3f3a21a3a90ca206514ffabc6a
SHA256

7de65436f8f2c64984893abe62006fb7705efacaae538cd5fbee80e018173e97
SHA512

150e9788f496c40645bafc7e1b87b7ad86b729fa2e2db0c8ef695744ad7480a20d984ac1fc2da077e860c504cd0b6cc1f5d974b68b8ec30b2b86af6db64a9622
SSDEEP

393216:uZXVLSzZdf1ln6UghRzy4lvu6tCzIBEq/QClLzSzn8xL4bU:cmzTf18VzgSEClaznM

Score

10^/10

lumma discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7de65436f8f2c64984893abe62006fb7705efacaae538cd5fbee80e018173e97.exe

Resource

win7-20240903-en

lumma discovery stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

7de65436f8f2c64984893abe62006fb7705efacaae538cd5fbee80e018173e97.exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://whitebeauti.shop/api

Targets

- Target
  
  7de65436f8f2c64984893abe62006fb7705efacaae538cd5fbee80e018173e97.exe
- Size
  
  24.1MB
- MD5
  
  8b98d4df7915f31157e2d83d16b1161f
- SHA1
  
  5b5da1fcaa7c6d3f3a21a3a90ca206514ffabc6a
- SHA256
  
  7de65436f8f2c64984893abe62006fb7705efacaae538cd5fbee80e018173e97
- SHA512
  
  150e9788f496c40645bafc7e1b87b7ad86b729fa2e2db0c8ef695744ad7480a20d984ac1fc2da077e860c504cd0b6cc1f5d974b68b8ec30b2b86af6db64a9622
- SSDEEP
  
  393216:uZXVLSzZdf1ln6UghRzy4lvu6tCzIBEq/QClLzSzn8xL4bU:cmzTf18VzgSEClaznM
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

© 2018-2025

Terms | Privacy