General

  • Target

    RobloxMultiTools.exe

  • Size

    12.5MB

  • Sample

    250127-s8x34swpek

  • MD5

    45d576abe2e3f352d223acb0ad9f6d4a

  • SHA1

    976f70c23234bf137986fb19d70d3681cb6e0813

  • SHA256

    eb345cb0554a5bb84cb86c8cf97a6eb924f71bf6c8d703933af918a42068972d

  • SHA512

    961363eb7e1acdd54e1f62dbffa45eef231281879d609e013d9527d8283b2d98f0c1a792dedf18ccfb1bcdd4ed52371e16ab38b8e7de26a942efda8be8bad638

  • SSDEEP

    196608:0qw6MYxS0KY8dM5n7FuaDUg8pqIGjZYgkCnWInnjKFnAtyVAEyUX7HJW5cYx8:1MIMdM5n78KjXkCnWIeAXEyUrpW5n6

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

    • Target

      RobloxMultiTools.exe

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run on hosts in certain locales).

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Commonly seen when a process injects code into another process (process hollowing or thread hijacking); correlate with the dropped EXE executed above.
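The hashes and C2 URL above are the report's actionable indicators. As an added example (not part of the sandbox report or of the Lumma sample), the Python below turns them into two checks a responder would run: compare a file's digests against the reported values, and sweep proxy logs for the C2 host and its subdomains. The proxy log format and the log lines are constructed for illustration; the SSDEEP value is deliberately not matched here because fuzzy-hash comparison needs the external ssdeep library.

```python
"""Match files and proxy logs against the IOCs listed in the report above."""
import hashlib
import re
from typing import Dict, Iterable, List
from urllib.parse import urlparse

# Indicators copied from the report (MD5, SHA1, SHA256, SHA512 of RobloxMultiTools.exe).
FILE_IOCS: Dict[str, str] = {
    "md5": "45d576abe2e3f352d223acb0ad9f6d4a",
    "sha1": "976f70c23234bf137986fb19d70d3681cb6e0813",
    "sha256": "eb345cb0554a5bb84cb86c8cf97a6eb924f71bf6c8d703933af918a42068972d",
    "sha512": "961363eb7e1acdd54e1f62dbffa45eef231281879d609e013d9527d8283b2d98f0c1a792dedf18ccfb1bcdd4ed52371e16ab38b8e7de26a942efda8be8bad638",
}
C2_URL = "https://toppyneedus.biz/api"
C2_HOST = urlparse(C2_URL).hostname  # "toppyneedus.biz"


def _digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the data is read only once."""
    digests = {name: hashlib.new(name) for name in FILE_IOCS}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory buffer (handy for unit tests and carved samples)."""
    return _digest_stream([data])


def hash_file(path: str) -> Dict[str, str]:
    """Digests of a file on disk, read in 1 MiB chunks so large binaries fit in memory."""
    with open(path, "rb") as fh:
        return _digest_stream(iter(lambda: fh.read(1 << 20), b""))


def match_hashes(observed: Dict[str, str]) -> List[str]:
    """Return the names of the report digests that the observed digests match.

    Comparison is case-insensitive because tools emit hex in either case.
    """
    return [name for name, value in FILE_IOCS.items()
            if observed.get(name, "").lower() == value]


# Assumed proxy log format (constructed for this example, not from the report):
# "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one hit per log line whose URL host is the C2 host or a subdomain of it."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        host = urlparse(m["url"]).hostname or ""
        # Exact host or a real subdomain; "nottoppyneedus.biz" must not match.
        if host == C2_HOST or host.endswith("." + C2_HOST):
            hits.append({"ts": m["ts"], "src": m["src"], "url": m["url"]})
    return hits


# Constructed sample log lines for demonstration; the IPs and timestamps are invented.
SAMPLE_LOG = [
    "2025-01-27T15:02:11Z 10.0.0.14 POST https://toppyneedus.biz/api 200",
    "2025-01-27T15:02:13Z 10.0.0.14 GET https://www.microsoft.com/ 200",
    "2025-01-27T15:03:40Z 10.0.0.22 POST https://cdn.toppyneedus.biz/api 200",
    "2025-01-27T15:04:01Z 10.0.0.31 GET https://nottoppyneedus.biz/ 200",
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"C2 contact from {hit['src']} at {hit['ts']}: {hit['url']}")
    print("empty-file digests match report:", match_hashes(hash_bytes(b"")))
```

Run it against a real file with `match_hashes(hash_file("suspect.exe"))`; an empty list means none of the four digests match, which rules out this exact sample but not a repacked build, so pair the hash check with the network sweep.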

MITRE ATT&CK Enterprise v15

Tasks