General

  • Target

    instaII.exe

  • Size

    19.1MB

  • Sample

    250227-t2n3astms7

  • MD5

    98099292ac1b0f59c50e291da7f5d05c

  • SHA1

    38fbb9aeb808e9c2a6bd0200160908e2e4e2d0a7

  • SHA256

    3bcf8487cbee03221ff01420d41a3cc70efc76f3c2998b3db3e5caf8da1cc7b7

  • SHA512

    cbf562bd4e49d8c1d3b639f98b038fcff2dd67db5fcbc50db2694e5658f623e3b6b44412a8b3c832d65433356e794808245ab978f1a100ff59045a91b1beefe6

  • SSDEEP

    393216:D0PEXATwC1VgQPhXHHf5/pp0xf3DAjZS587zVoHxu/A3g7kTk5lj:D8sC15f9pOf3eZS27zVoHxcog7ukD

Malware Config

Extracted

Family

lumma

C2

https://livlivprolivasdvaa.shop/api

Targets

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
