Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

  • Sample

    240730-fdstpayeqb

Score
10/10
lummadefense_evasiondiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://flyyedreplacodp.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Extracted

Family

lumma

C2

https://flyyedreplacodp.shop/api

https://horizonvxjis.shop/api

Targets

    • Target

      https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view?usp=drive_link

    Score
    10/10
    lummadefense_evasiondiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks