lumma | 1c9140a0d2304adf5a9473b4d0d85e7dad564dbb1cfac21de272a93d214c8245 | Triage

Submit
Reports

Overview

overview

Static

static

9

𝙓3𝙉�...��.zip

windows11-21h2-x64

Resubmissions

08/03/2025, 15:37

250308-s2xtrsyrz3 10

08/03/2025, 08:36

250308-khk2vstyfx 10

Sharing

General

Target

𝙓3𝙉𝙊-𝙑1.1.5-𝙓64-𝙍3𝙇𝙀𝘼𝙎𝙀.zip
Size

43.4MB
Sample

250308-khk2vstyfx
MD5

e3f02a42327b0d91c6d82869825dfccf
SHA1

fe7fa671b244d692eabc181d6ea5960031fa6466
SHA256

1c9140a0d2304adf5a9473b4d0d85e7dad564dbb1cfac21de272a93d214c8245
SHA512

a0f04836bcb272598453707bd7c45344985eebaf11d879bd3ab03d584a29cbb7d72305ae91c0912fe1d7e600e970f26ac648532d6690396a7bf47216cc9a424f
SSDEEP

786432:g5FQV7tUfYmV/AQTPdUy6F6hgxMLO2ZlA/jcG3mcM/68O0OkU6w7Lv:6QnUfFddUy1uxMLO2ZlA/jcGWv/6Byq3

Score

10^/10

lumma cryptone discovery packer spyware stealer

Static task

static1

cryptone packer

2 signatures

Behavioral task

behavioral1

Sample

𝙓3𝙉𝙊-𝙑1.1.5-𝙓64-𝙍3𝙇𝙀𝘼𝙎𝙀.zip

Resource

win11-20250217-en

lumma cryptone discovery packer spyware stealer

windows11-21h2-x64

20 signatures

600 seconds

Malware Config

Extracted

Family

lumma

C2

https://tonedanswered.today/api

https://begindecafer.world/api

https://garagedrootz.top/api

https://modelshiverd.icu/api

https://arisechairedd.shop/api

https://catterjur.run/api

https://orangemyther.live/api

https://fostinjec.today/api

https://sterpickced.digital/api

Targets

- Target
  
  𝙓3𝙉𝙊-𝙑1.1.5-𝙓64-𝙍3𝙇𝙀𝘼𝙎𝙀.zip
- Size
  
  43.4MB
- MD5
  
  e3f02a42327b0d91c6d82869825dfccf
- SHA1
  
  fe7fa671b244d692eabc181d6ea5960031fa6466
- SHA256
  
  1c9140a0d2304adf5a9473b4d0d85e7dad564dbb1cfac21de272a93d214c8245
- SHA512
  
  a0f04836bcb272598453707bd7c45344985eebaf11d879bd3ab03d584a29cbb7d72305ae91c0912fe1d7e600e970f26ac648532d6690396a7bf47216cc9a424f
- SSDEEP
  
  786432:g5FQV7tUfYmV/AQTPdUy6F6hgxMLO2ZlA/jcG3mcM/68O0OkU6w7Lv:6QnUfFddUy1uxMLO2ZlA/jcGWv/6Byq3
Score

10^/10

lumma cryptone discovery packer spyware stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Executes dropped EXE
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummacryptonediscoverypackerspywarestealer

© 2018-2025

Terms | Privacy