Lumma | Threat Level: critical | Type: Infostealer

Cryptographic Identifiers

SHA2565762b29db8dc3a8985d0bf4c1705f3ae2bef29ae5b63fcbfd7d2a846bfdce719
MD5878dcbf380902c13ba1b03a6b954f406
File Typeexe
Size1792.5 KB
First Seen2025-08-05
File Namev9d9d.exe
Tagsexe, lumma, xworm

Malware Family: Lumma

LummaC2, gelişmiş MaaS infostealer'dır.

TypeInfostealer
Programming LanguageC++
Target PlatformWindows
C2 ProtocolHTTPS
PurposeKapsamlı kimlik bilgisi hırsızlığı
First Seen Year2022
AliasesLummaC2

Threat Indicators (IOC)

  • SHA256: 5762b29db8dc3a8985d0bf4c1705f3ae2bef29ae5b63fcbfd7d2a846bfdce719
  • MD5: 878dcbf380902c13ba1b03a6b954f406

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Disconnect the system from the network immediately
  2. Yeni bir cihazdan banka hesabı, sosyal medya ve e-posta şifrelerini değiştirin
  3. Move crypto wallets to a new address and abandon the old ones
  4. Start a full scan with up-to-date antivirus
  5. Clear saved browser passwords and enable 2FA
  6. Sign out of all sessions on every affected service

YARA Rule Hints

rule Lumma_SHA256 {
    meta:
        description = "Lumma sample: 5762b29db8dc3a89"
        threat_level = "critical"
        first_seen = "2025-08-05"
    condition:
        hash.sha256(0, filesize) == "5762b29db8dc3a8985d0bf4c1705f3ae2bef29ae5b63fcbfd7d2a846bfdce719"
}

Lumma — Malware Profile

LummaC2, gelişmiş MaaS infostealer'dır.

Malware Type
Infostealer
Programming Language
C++
C2 Protocol
HTTPS
Target Systems
Windows
Also Known As (AKA)
LummaC2

Capabilities & Behavior

Tarayıcı Kimlik Bilgileri
Çerez Hırsızlığı
Kripto Cüzdan Çalma
Sistem Bilgisi
Ekran Görüntüsü
FTP/SSH İstemci Şifreleri
E-posta İstemcisi Çalma
Veri Sızıntısı

IOC List (2 indicators)

IOC — Lumma
# SHA256 5762b29db8dc3a8985d0bf4c1705f3ae2bef29ae5b63fcbfd7d2a846bfdce719 # MD5 878dcbf380902c13ba1b03a6b954f406
TypeValueNote
sha256 5762b29db8dc3a8985d0bf4c1705f3ae2bef29ae5b63fcbfd7d2a846bfdce719 Sample:Lumma
md5 878dcbf380902c13ba1b03a6b954f406 Sample:Lumma
Tags
lummainfostealermalwarecriticalsha256hash-analizi