Lumma | Threat Level: critical | Type: Infostealer

Cryptographic Identifiers

SHA256de394f9e0c1093bed15cff64dd662bd53fcbe1909ecd0eafce46420b4f6078aa
MD5caba793799075bdc21a6cb9070fff4ef
File Typeexe
Size337.0 KB
First Seen2025-08-05
File Namel.exe
Tagsexe, lumma, LummaStealer

Malware Family: Lumma

LummaC2, gelişmiş MaaS infostealer'dır.

TypeInfostealer
Programming LanguageC++
Target PlatformWindows
C2 ProtocolHTTPS
PurposeKapsamlı kimlik bilgisi hırsızlığı
First Seen Year2022
AliasesLummaC2

Threat Indicators (IOC)

  • SHA256: de394f9e0c1093bed15cff64dd662bd53fcbe1909ecd0eafce46420b4f6078aa
  • MD5: caba793799075bdc21a6cb9070fff4ef

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Disconnect the system from the network immediately
  2. Yeni bir cihazdan banka hesabı, sosyal medya ve e-posta şifrelerini değiştirin
  3. Move crypto wallets to a new address and abandon the old ones
  4. Start a full scan with up-to-date antivirus
  5. Clear saved browser passwords and enable 2FA
  6. Sign out of all sessions on every affected service

YARA Rule Hints

rule Lumma_SHA256 {
    meta:
        description = "Lumma sample: de394f9e0c1093be"
        threat_level = "critical"
        first_seen = "2025-08-05"
    condition:
        hash.sha256(0, filesize) == "de394f9e0c1093bed15cff64dd662bd53fcbe1909ecd0eafce46420b4f6078aa"
}

Lumma — Malware Profile

LummaC2, gelişmiş MaaS infostealer'dır.

Malware Type
Infostealer
Programming Language
C++
C2 Protocol
HTTPS
Target Systems
Windows
Also Known As (AKA)
LummaC2

Capabilities & Behavior

Tarayıcı Kimlik Bilgileri
Çerez Hırsızlığı
Kripto Cüzdan Çalma
Sistem Bilgisi
Ekran Görüntüsü
FTP/SSH İstemci Şifreleri
E-posta İstemcisi Çalma
Veri Sızıntısı

IOC List (2 indicators)

IOC — Lumma
# SHA256 de394f9e0c1093bed15cff64dd662bd53fcbe1909ecd0eafce46420b4f6078aa # MD5 caba793799075bdc21a6cb9070fff4ef
TypeValueNote
sha256 de394f9e0c1093bed15cff64dd662bd53fcbe1909ecd0eafce46420b4f6078aa Sample:Lumma
md5 caba793799075bdc21a6cb9070fff4ef Sample:Lumma
Tags
lummainfostealermalwarecriticalsha256hash-analizi