General

  • Target

    https://goo.su/0ULYuw

  • Sample

    240712-pp53tswarg

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    94.156.8.173
  • Port:
    21
  • Username:
    anonymous
  • Password:
    anonymous@

Extracted

Family

lumma

C2

https://demandlinzei.shop/api

https://applyzxcksdia.shop/api

https://replacedoxcjzp.shop/api

https://declaredczxi.shop/api

https://catchddkxozvp.shop/api

https://arriveoxpzxo.shop/api

https://contemplateodszsv.shop/api

https://bindceasdiwozx.shop/api

https://conformfucdioz.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Target

      https://goo.su/0ULYuw

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks