lumma | c099d40744ac36dc33028726550955e4eaa6435897d5fa2b00d17674e18f6c20 | Triage

Submit
Reports

Overview

overview

Static

static

3

c099d40744...20.exe

windows7-x64

c099d40744...20.exe

windows10-2004-x64

Sharing

General

Target

c099d40744ac36dc33028726550955e4eaa6435897d5fa2b00d17674e18f6c20.exe
Size

23.4MB
Sample

250118-fjlmkatlcz
MD5

771bea17618f1d77d4b0cffed882352e
SHA1

569f16b1892bce91f412bf4fa13af83c96007b38
SHA256

c099d40744ac36dc33028726550955e4eaa6435897d5fa2b00d17674e18f6c20
SHA512

cd63d89287b6c438c7ce2f958a44f2179ceb4344b7ca551792f66cd0bdf41faaf3112f2d27032323a1ce4e8c8460ec4d95a8120a6d0cc35322c96f94a1c58868
SSDEEP

393216:IZX7jQEZwLHOA1cf9R0M4ZIIYNV5LZPBm9Jj/u6X2sIMC7:eRtnrPkZtXO

Score

10^/10

lumma discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c099d40744ac36dc33028726550955e4eaa6435897d5fa2b00d17674e18f6c20.exe

Resource

win7-20241023-en

lumma discovery stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c099d40744ac36dc33028726550955e4eaa6435897d5fa2b00d17674e18f6c20.exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://whitebeauti.shop/api

Targets

- Target
  
  c099d40744ac36dc33028726550955e4eaa6435897d5fa2b00d17674e18f6c20.exe
- Size
  
  23.4MB
- MD5
  
  771bea17618f1d77d4b0cffed882352e
- SHA1
  
  569f16b1892bce91f412bf4fa13af83c96007b38
- SHA256
  
  c099d40744ac36dc33028726550955e4eaa6435897d5fa2b00d17674e18f6c20
- SHA512
  
  cd63d89287b6c438c7ce2f958a44f2179ceb4344b7ca551792f66cd0bdf41faaf3112f2d27032323a1ce4e8c8460ec4d95a8120a6d0cc35322c96f94a1c58868
- SSDEEP
  
  393216:IZX7jQEZwLHOA1cf9R0M4ZIIYNV5LZPBm9Jj/u6X2sIMC7:eRtnrPkZtXO
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

© 2018-2025

Terms | Privacy