lumma | 67bdd734ab11d342d31ae9e06098f9dcfdfa049ce6bee94e2b41b1a943b07f03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

clearfake.ps1
Size

789B
Sample

240617-j8tagssckg
MD5

c2368104448266d82519b71c924f77d5
SHA1

5b25da5a477a8bcf3e4023077ecfc58250e0b293
SHA256

67bdd734ab11d342d31ae9e06098f9dcfdfa049ce6bee94e2b41b1a943b07f03
SHA512

8174d5a98974bd5a4e0c2d333149f3115dc4bb8c7ee06412130383dbf3e51ea75db57c7599b44599d815dd9a6fa7684e251fe4f17c429ae5998ac0c56dd2da78

Score

10^/10

lumma execution stealer

Malware Config

Extracted

Family

lumma

C2

https://swingcirculateblsdi.shop/api

https://marathonbeedksow.shop/api

https://feighminoritsjda.shop/api

https://pleasurenarrowsdla.shop/api

https://falseaudiencekd.shop/api

https://raiseboltskdlwpow.shop/api

https://justifycanddidatewd.shop/api

https://strwawrunnygjwu.shop/api

https://richardflorespoew.shop/api

Targets

- Target
  
  clearfake.ps1
- Size
  
  789B
- MD5
  
  c2368104448266d82519b71c924f77d5
- SHA1
  
  5b25da5a477a8bcf3e4023077ecfc58250e0b293
- SHA256
  
  67bdd734ab11d342d31ae9e06098f9dcfdfa049ce6bee94e2b41b1a943b07f03
- SHA512
  
  8174d5a98974bd5a4e0c2d333149f3115dc4bb8c7ee06412130383dbf3e51ea75db57c7599b44599d815dd9a6fa7684e251fe4f17c429ae5998ac0c56dd2da78
Score

10^/10

lumma execution stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummaexecutionstealer