LummaC2
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
3 syscalls cited
- NtDeleteKey
Deletes a registry key when the handle is closed — used to wipe persistence and audit-key artefacts post-execution.
- NtQueryValueKey
Reads a value from a registry key — the targeted credential and config harvest primitive.
- NtReadFile
Reads bytes from a file, device, named pipe or mapped section into a user buffer — the kernel primitive behind ReadFile.