Pulse Detail — Threat Intelligence

PULSE NAME

IOC - Unmasking The 64-bit Variant of the Infamous Lumma Stealer

WHITE Lumma Stealer celestre 2026-04-09 Modified: 2026-04-09

IOCs

HIGH VOLUME

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1055 T1027 T1082 T1055.002 T1005 T1497.001 T1573 T1102 T1106 T1134.001 T1555.003 T1555 T1539 T1027.002 T1071.001 T1497 T1185 T1140 T1564.003

MALWARE FAMILIES

Tenzor Lumma Stealer Remus Rhadamanthys AuraStealer VoidStealer

Indicators of Compromise (89)

All FileHash-SHA1 FileHash-SHA256 IPv4 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	488d058bcc8d02488901488b024889415b488d41	—	2026-04-09
FileHash-SHA256	002f714f93bed53f165129a820c2d5b72227f1cafac43be19e5e223ce219a5e1	—	2026-04-09
FileHash-SHA256	0580ebf601989457f0708799b431fd4d9f5e59d98838282d72936099aa6636da	—	2026-04-09
FileHash-SHA256	066c4ab954fc1270ee62c0d7c582c4c691e58e0ffef0c654bc204a46e440d16d	—	2026-04-09
FileHash-SHA256	0683f353cf3e101f721f1658e2a554ff7888ff9f2c32e23ceb3d23876864a264	—	2026-04-09
FileHash-SHA256	0a8f734f10400f7ae8fef591147e78dab6350089683be84c1cb6c82113cb1319	—	2026-04-09
FileHash-SHA256	25e74a76f2f3601abcb20fd743a7e3cf3befd5a3838c7501af5d87d293233809	—	2026-04-09
FileHash-SHA256	4428c3ffe2532f162f31d7573bbc1cca2299195421da3d8e8a3e535e9fc42b08	—	2026-04-09
FileHash-SHA256	484e3ab5d425a97819f01dcc330e005dc444c51625bfdcd7ea9a3954018d1fc9	—	2026-04-09
FileHash-SHA256	64db10e76b46be8db36e02993d36559bc3f86606c9ea955731872b716c8f0c69	—	2026-04-09
FileHash-SHA256	788b56e9be2f1dd6a977dce0265f293ab42d3e8ffb287ab584e169fbf115da1f	—	2026-04-09
FileHash-SHA256	8653d7158486aa10fc0078c3ca9318cd7ace05d4b3e6f3b1fb84ffb7a6a339ec	—	2026-04-09
FileHash-SHA256	8b6b238ffa6e411229c6754ba99f7b990c49edfb2c34068ce0ac5564824d71ad	—	2026-04-09
FileHash-SHA256	a4f111e5425690fcd384c62ecb5b57b0f645925572af3541748e01d810cd2b40	—	2026-04-09
FileHash-SHA256	ab2e47720388fa201e242552f8d8b82363c6c52f6c63fa3fec9dce027cb12e77	—	2026-04-09
FileHash-SHA256	b037fa1dd769891b538d9ca26131890c93e3458eec96c5354bdebe50d04a5b3d	—	2026-04-09
FileHash-SHA256	bc11d036fe59abb3915f736307c56d2fd43e8127e46c31f926eeda864f4d66dc	—	2026-04-09
FileHash-SHA256	c3f7cea80dbafaa90a88b28a6dfb1227caaf5c2a29f0ce06bf663d6ed2cfc079	—	2026-04-09
FileHash-SHA256	cab7855ccfca19a06eea76e0e170f592dcc95906ecfa5436f5a11947e04e63d5	—	2026-04-09
FileHash-SHA256	dbf6facd28406361a6a81417b3ff5eb272ccc8dcc58a36bd5335a253ae4bf036	—	2026-04-09
IPv4	217.156.122.12	—	2026-04-09
IPv4	217.156.122.57	—	2026-04-09
IPv4	217.156.122.75	—	2026-04-09
IPv4	45.151.106.110	—	2026-04-09
IPv4	80.97.160.155	—	2026-04-09
IPv4	86.107.168.103	—	2026-04-09
URL	http://adveryx.biz:6573	—	2026-04-09
URL	http://backbou.biz:5902	—	2026-04-09
URL	http://baxe.pics:48261	—	2026-04-09
URL	http://borscer.biz:9592	—	2026-04-09
URL	http://buccstanor.pics:28313	—	2026-04-09
URL	http://buccstanor.pics:48261	—	2026-04-09
URL	http://chalx.live:5902	—	2026-04-09
URL	http://chromap.biz:4219	—	2026-04-09
URL	http://coox.live:28313	—	2026-04-09
URL	http://drymoge.biz:4192	—	2026-04-09
URL	http://forestoaker.com:6290	—	2026-04-09
URL	http://gluckcreek.online:48261	—	2026-04-09
URL	http://intem.lat:9592	—	2026-04-09
URL	http://interxo.biz:7481	—	2026-04-09
URL	http://josegza.biz:8521	—	2026-04-09
URL	http://krondez.com:28982	—	2026-04-09
URL	http://lazzo.bet:3989	—	2026-04-09
URL	http://managew.biz:5902	—	2026-04-09
URL	http://navelum.biz:3201	—	2026-04-09
URL	http://nitroca.biz:6782	—	2026-04-09
URL	http://outcrol.biz:4895	—	2026-04-09
URL	http://padaz.pics:4219	—	2026-04-09
URL	http://parky.pics:3989	—	2026-04-09
URL	http://prickaz.biz:2039	—	2026-04-09
URL	http://remnane.biz:5692	—	2026-04-09
URL	http://ropea.top:28313	—	2026-04-09
URL	http://siltsoh.biz:7481	—	2026-04-09
URL	http://texakgi.cloud:3849	—	2026-04-09
URL	http://vinte.online:28313	—	2026-04-09
URL	http://woodena.biz:7821	—	2026-04-09
URL	http://zadno.run:4219	—	2026-04-09
domain	adveryx.biz	—	2026-04-09
domain	backbou.biz	—	2026-04-09
domain	baxe.pics	—	2026-04-09
domain	borscer.biz	—	2026-04-09
domain	buccstanor.pics	—	2026-04-09
domain	chalx.live	—	2026-04-09
domain	cheekiez.biz	—	2026-04-09
domain	chromap.biz	—	2026-04-09
domain	coox.live	—	2026-04-09
domain	drymoge.biz	—	2026-04-09
domain	forestoaker.com	—	2026-04-09
domain	gluckcreek.online	—	2026-04-09
domain	intem.lat	—	2026-04-09
domain	interxo.biz	—	2026-04-09
domain	josegza.biz	—	2026-04-09
domain	krondez.com	—	2026-04-09
domain	lazzo.bet	—	2026-04-09
domain	managew.biz	—	2026-04-09
domain	navelum.biz	—	2026-04-09
domain	nitroca.biz	—	2026-04-09
domain	nobleckly.biz	—	2026-04-09
domain	outcrol.biz	—	2026-04-09
domain	padaz.pics	—	2026-04-09
domain	parky.pics	—	2026-04-09
domain	prickaz.biz	—	2026-04-09
domain	remnane.biz	—	2026-04-09
domain	ropea.top	—	2026-04-09
domain	siltsoh.biz	—	2026-04-09
domain	texakgi.cloud	—	2026-04-09
domain	vinte.online	—	2026-04-09
domain	woodena.biz	—	2026-04-09
domain	zadno.run	—	2026-04-09

References (1)

↗ https://www.gendigital.com/blog/insights/research/remus-64bit-variant-of-lumma-stealer