lumma | 8260647571aae648b61118dec247eb50b3fd6e7d7f0235b6db899ec599f55f23 | Triage

Submit
Reports

Overview

overview

Static

static

8

TradingVie...op.exe

windows7-x64

TradingVie...op.exe

windows10-2004-x64

Sharing

General

Target

TradingView_Premium_Desktop.zip
Size

130.3MB
Sample

250314-p2djca1vft
MD5

f2caaef5803d01391b9f8b8316c10260
SHA1

fb3b4d724f68bf9060431b14a7ab2a1ced7d30f7
SHA256

8260647571aae648b61118dec247eb50b3fd6e7d7f0235b6db899ec599f55f23
SHA512

669807b355453a03ebd1a46762323d0e81ea4efd253d0848833415ba5d3f90543ff1dab1de7171ed04fe47ad3d3b1c92c7ad24613c4b6986420fbc3fd2479fb1
SSDEEP

3145728:Yp8S1elf8O2gCMY7pUv0h6eyl7iuA9Cd0dndGP8YS:Yp8Skf8qYuv0EziuAMdiGA

Score

10^/10

lumma discovery macro spyware stealer xlm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TradingView Premium Desktop.exe

Resource

win7-20241010-en

lumma discovery spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

TradingView Premium Desktop.exe

Resource

win10v2004-20250313-en

lumma discovery spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://latchclan.shop/api

https://featureccus.shop/api

https://mrodularmall.top/api

https://ijowinjoinery.icu/api

https://legenassedk.top/api

https://htardwarehu.icu/api

https://cjlaspcorne.icu/api

https://bugildbett.top/api

Targets

- Target
  
  TradingView Premium Desktop.exe
- Size
  
  676.6MB
- MD5
  
  49da650eed80ed136bc6b6138100ea7e
- SHA1
  
  b6b666662e9589f545daa347939c9cbe9312b8ea
- SHA256
  
  2c04d438959cf7e075bd80d101b5405c5a0ad48143c733da30cca323a29b37f9
- SHA512
  
  97a90458688c2f3abf063d56e96f4554ba88d26edfca446b5c8a800bf6bd4fb29ed2b947d84ebb06d3e5097b0c0457e07b782c3df2cc2b19beb755910379c413
- SSDEEP
  
  24576:y3QK3COBlxYfh+bHyQVp7W2+zzxZXGOWWhMoiC3NaIhtW+nJKWRT:cVBHEgHyWqzthGOH3Jht7JKWRT
Score

10^/10

lumma discovery spyware stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryspywarestealer

behavioral2

lummadiscoveryspywarestealer

© 2018-2025

Terms | Privacy