Overview

overview

10

Static

static

1

testtest.txt

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    testtest.txt

  • Size

    122B

  • Sample

    241119-g624hasbqn

  • MD5

    e3d8d364c2e11978a40a0876756f8f64

  • SHA1

    00ea4c6338819e1ca4db49d60729e633353a2df8

  • SHA256

    a177006460f7517a35bb7a971df24f09bde4204630e6c00c976cb57e3aa07c39

  • SHA512

    5916e10d03091c2c9226c773f276245adb014e9ba0715948a05ed02e358ddef2dbd1dd1fb9db983faefb34c303425f2dcfe06ad4048b90c587863741ab2a5b0e

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://fixedzip.oss-ap-southeast-5.aliyuncs.com/replace.txt
exe.dropper

https://fixedzip.oss-ap-southeast-5.aliyuncs.com/replace.txt

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Targets

    • Target

      testtest.txt

    • Size

      122B

    • MD5

      e3d8d364c2e11978a40a0876756f8f64

    • SHA1

      00ea4c6338819e1ca4db49d60729e633353a2df8

    • SHA256

      a177006460f7517a35bb7a971df24f09bde4204630e6c00c976cb57e3aa07c39

    • SHA512

      5916e10d03091c2c9226c773f276245adb014e9ba0715948a05ed02e358ddef2dbd1dd1fb9db983faefb34c303425f2dcfe06ad4048b90c587863741ab2a5b0e

    Score
    10/10
    lummadiscoveryexecutionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks