Lumma | Threat Level: critical | Type: Infostealer

Cryptographic Identifiers

SHA25674ca9dfc8d054f774c9b916eaaa138e4b06fa6b2aa7bdd3d5de56e49e65ae5be
MD55dab3694fa4709720c988b386061450c
File Typeexe
Size1104.5 KB
First Seen2025-12-08
File NameSetup.exe
Tagsexe, lumma

Malware Family: Lumma

LummaC2, gelişmiş MaaS infostealer'dır.

TypeInfostealer
Programming LanguageC++
Target PlatformWindows
C2 ProtocolHTTPS
PurposeKapsamlı kimlik bilgisi hırsızlığı
First Seen Year2022
AliasesLummaC2

Threat Indicators (IOC)

  • SHA256: 74ca9dfc8d054f774c9b916eaaa138e4b06fa6b2aa7bdd3d5de56e49e65ae5be
  • MD5: 5dab3694fa4709720c988b386061450c

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Disconnect the system from the network immediately
  2. Yeni bir cihazdan banka hesabı, sosyal medya ve e-posta şifrelerini değiştirin
  3. Move crypto wallets to a new address and abandon the old ones
  4. Start a full scan with up-to-date antivirus
  5. Clear saved browser passwords and enable 2FA
  6. Sign out of all sessions on every affected service

YARA Rule Hints

rule Lumma_SHA256 {
    meta:
        description = "Lumma sample: 74ca9dfc8d054f77"
        threat_level = "critical"
        first_seen = "2025-12-08"
    condition:
        hash.sha256(0, filesize) == "74ca9dfc8d054f774c9b916eaaa138e4b06fa6b2aa7bdd3d5de56e49e65ae5be"
}

Lumma — Malware Profile

LummaC2, gelişmiş MaaS infostealer'dır.

Malware Type
Infostealer
Programming Language
C++
C2 Protocol
HTTPS
Target Systems
Windows
Also Known As (AKA)
LummaC2

Capabilities & Behavior

Tarayıcı Kimlik Bilgileri
Çerez Hırsızlığı
Kripto Cüzdan Çalma
Sistem Bilgisi
Ekran Görüntüsü
FTP/SSH İstemci Şifreleri
E-posta İstemcisi Çalma
Veri Sızıntısı

IOC List (2 indicators)

IOC — Lumma
# SHA256 74ca9dfc8d054f774c9b916eaaa138e4b06fa6b2aa7bdd3d5de56e49e65ae5be # MD5 5dab3694fa4709720c988b386061450c
TypeValueNote
sha256 74ca9dfc8d054f774c9b916eaaa138e4b06fa6b2aa7bdd3d5de56e49e65ae5be Sample:Lumma
md5 5dab3694fa4709720c988b386061450c Sample:Lumma
Tags
lummainfostealermalwarecriticalsha256hash-analizi