LummaC2 - universal stealer, a malware for professionals.

LummaC2 - universal stealer, a malware for professionals.

LummaC2 Seller

LummaC2 is a new generation stealer, average knock 75-85%, works even on clean systems, no dependencies (AT ALL), log decryption on the server, build weight 150-300KB, steals Chromium and Mozilla based browsers, steals ~70 browser cryptocurrency and 2FA extensions, has a non-resident Loader, low-level adaptive filegrabber, and the latest unique development - BINARY MORPHER. 

LummaC2 is updated literally every two hours, add your specific browser or your specific extension - 2 clicks!

Technical information:​

  • The language used in the development of this product is C
  • Virtually no high-level WINAPI is used
  • The product is on the most powerful servers with anti-DDoS protection.
  • All decryption is completely server-based, all data transmitted by the stealer is decrypted on the server.
  • In order to increase chunking, data is sent in chunks.
  • The weight of the build is 150-300KB, CRT is present but not used, on request if you care about weight, link CRT from another studio, the weight will decrease in the process, UPX will compress the build to 80KB, but it is not recommended to do this procedure
  • A neighbor detection system is available, as well as a traffic quality monitoring system
  • System calls support ARM, x86, x64 architectures
  • Stealer works on operating system versions from Windows 7 x32 to Windows 11 x64 with the latest updates.
  • There is a knock in Telegram bot / channel, both about the arrival of the log, and the log itself
  • All interaction with the OS is done through calls to a low-level wrapper written in ASM over system calls, no WinAPI only manual syscall calls (corporate rate).
  • Where WinAPI is used - its calls are encrypted (read custom GetProcAddress)
  • Implemented Heavens Gate technology allowing to switch from WoW64 mode (corporate tariff)
  • Spreading without crypt protection
  • DomainDetect is included in the log format
  • Build is covered by default by our binary morpher with Control flow.
  • Non-residential Loader
  • Google unlogins bypass implemented (90-95% validity)
  • CC collection is implemented
  • Gasket rotation is implemented, 1+10 addresses are sewn into the build (instead of 1+1 main and backup addresses before), it increases survivability and stability of the build many times.

Screenshot of panel (Clickable)

log format


Pricing plans:

EXPERIENCED

  • Set filters up to 10 .
  • Download logs in bulk
  • Possibility to upload logs by your search query (for example - only with wallets or only with instagram.com)
  • Ability to use search by parameters (country, with or without currency, with a specific filter)
  • Ability to clear dumps, dumps statistics on the "quality of logs" page
  • 3 tags for builds

PRICE: $250/month


PROFESSIONAL

  • All features of previous privileges
  • Unlimited number of filters
  • Logs can be deleted in bulk (by zeroing the counter)
  • Share your stats with others
  • Logs quality widget available
  • Filter widget is available
  • Search widened, logs search and downloading is available by request (in cookies/passwords)
  • Ability to monitor number of neighbors in logs
  • Logs quality rating system available
  • Ability to create and edit grabber profiles
  • Ability to add and remove extensions
  • Ability to add and remove browsers
  • Ability to add and remove paths for looting
  • Ability to use masks as well as variable paths
  • Ability to edit the data to be collected and the order of data collection, e.g. someone needs to collect cid phrases first and someone needs to collect chrome first
  • Ability to customize the depth of data collection
  • Ability to always roll back to default settings
  • Ability to create an unlimited number of rules in the profile
  • Ability to edit profile "hot", to change data collected by the stealer right during spreading
  • Non-residential Loader

PRICE: $500/month

CORPORATE

  • Previous privileges features
  • Dedicated build cleanup line, build is cleaned more often
  • Improved bypass of proactive protection (no message LummaC2.exe tries to access password store), build lives longer
  • Google Unlogging Bypass (90-95% validity)
  • Great for you-know-where point-level security breaches
  • Generation of random builds by our morpher, each build is individual, different from the other

PRICE: $1.000/month

FAQ​

Question: What happens after my subscription ends?
Answer: If your subscription ends, your traffic will not go anywhere, after the resumption of the subscription, logs during your inactivity will be waiting for you in the panel, this applies to ALL tariff plans.

Question: What guarantee on bounce rate?
Answer: It is impossible to say for sure at any particular moment, it depends on crypto and on how much time has passed after cleaning. In average on different exchanges and different crypto is 75%-85%.

Question: If I bought some tariff and its price increased during the process, will I pay this difference in price?
Answer: The clients, who bought the tariff the price is not indexed, the prices are indexed only for the new clients.​

Question: How often does the cleaning take place?
Answer: We try to clean the build as often as possible. All tariffs except corporate are cleaned every 5 days. Corporate rate is cleaned every 2 days.​

Question: Is crypt required?
Answer: Yes, crypt is required. The build is native, it is easy to crypt - there are partners who will make you a crypt without any problems.

Question: Does the stealer knock in CIS?
Answer: No and will not knock. Do not offer us any money - in any case there will be a refusal.

Our benefits:

  • Spreading without crypt protection. LummaC2 builds live longer, our customers are responsible - a message is shown when running a build without crypt.
Spreading without crypt protection
  • Binary morpher. All of our builds are morphed and cleaned automatically, and for the corporate rate there is generation of completely different, random builds.
  • Adaptive file grabber. Ability to add your own extensions, your own paths, it is now possible to create configurations (hereinafter profiles), and when downloading a build to assign it a specific profile and edit the rules right during the spreading! This grabber is the most flexible on the market.
Adaptive filegeabber profile
  • Non-resident Loader. Ability to load EXE / DLL / PowerShell together with stealer.
Loader
  • HavensGate. The stuffing of our corporate tariff - in other words, bypassing proactive defenses.
  • In the [Corporate] tariff, an additional GoogleAccounts folder is added to the log, which contains special cookies that will not crash a session even if the account owner changes the password. Sessions from the GoogleAccounts folder in the log are valid even when the main cookies are invalid, this option increases the validity of Google accounts to unprecedented levels.
  • Our service. We are MaaS, everything is on our secure and powerful servers. The client is only required to subscribe. If the client wishes, we independently install a gasket under the server. Support is online 24/7, always ready to help and advise the client. Reliable partners - from buying FB to brute cryptocurrency wallets. We provide the best service on the market.

Contacts(RU/EN):

Support/Seller@lummaseller126
Bugs - @lummanowork

Telegram Channel (Clickable)

Chat

Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org