Lumma | Threat Level: critical | Type: Infostealer

Cryptographic Identifiers

SHA2563e00d5b8513932ee340679769058b5979dedebd80acde678af6a06421a0369b1
MD5a2232cb9339c0ad03d11b9c53448c75d
File Typejs
Size0.3 KB
First Seen2025-09-21
File Namefrlb.odg
Tagsc2, javascript, js, lumma

Malware Family: Lumma

LummaC2, gelişmiş MaaS infostealer'dır.

TypeInfostealer
Programming LanguageC++
Target PlatformWindows
C2 ProtocolHTTPS
PurposeKapsamlı kimlik bilgisi hırsızlığı
First Seen Year2022
AliasesLummaC2

Threat Indicators (IOC)

  • SHA256: 3e00d5b8513932ee340679769058b5979dedebd80acde678af6a06421a0369b1
  • MD5: a2232cb9339c0ad03d11b9c53448c75d

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Disconnect the system from the network immediately
  2. Yeni bir cihazdan banka hesabı, sosyal medya ve e-posta şifrelerini değiştirin
  3. Move crypto wallets to a new address and abandon the old ones
  4. Start a full scan with up-to-date antivirus
  5. Clear saved browser passwords and enable 2FA
  6. Sign out of all sessions on every affected service

YARA Rule Hints

rule Lumma_SHA256 {
    meta:
        description = "Lumma sample: 3e00d5b8513932ee"
        threat_level = "critical"
        first_seen = "2025-09-21"
    condition:
        hash.sha256(0, filesize) == "3e00d5b8513932ee340679769058b5979dedebd80acde678af6a06421a0369b1"
}

Lumma — Malware Profile

LummaC2, gelişmiş MaaS infostealer'dır.

Malware Type
Infostealer
Programming Language
C++
C2 Protocol
HTTPS
Target Systems
Windows
Also Known As (AKA)
LummaC2

Capabilities & Behavior

Tarayıcı Kimlik Bilgileri
Çerez Hırsızlığı
Kripto Cüzdan Çalma
Sistem Bilgisi
Ekran Görüntüsü
FTP/SSH İstemci Şifreleri
E-posta İstemcisi Çalma
Veri Sızıntısı

IOC List (2 indicators)

IOC — Lumma
# SHA256 3e00d5b8513932ee340679769058b5979dedebd80acde678af6a06421a0369b1 # MD5 a2232cb9339c0ad03d11b9c53448c75d
TypeValueNote
sha256 3e00d5b8513932ee340679769058b5979dedebd80acde678af6a06421a0369b1 Sample:Lumma
md5 a2232cb9339c0ad03d11b9c53448c75d Sample:Lumma
Tags
lummainfostealermalwarecriticalsha256hash-analizi