lumma | ed89e47950562f8720f044b3e92c359051d063681ecebf645e5c9ecc11517ac4

General

Target

ps.ps1
Size

472B
Sample

241121-mwpcjswkfp
MD5

ef0d9527ca42f62ee38b929d577435d1
SHA1

00f9fb6240e0bb430a793dee9275ff0454f7c8c9
SHA256

ed89e47950562f8720f044b3e92c359051d063681ecebf645e5c9ecc11517ac4
SHA512

731f2950c30498f1d51274977293e95f13229a647f7249cfc52dd9f6db97108b1056deba9e8a0ec5f4b19755567632e2c3ee9816a5b47f7880f940b951addb50

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://pub-7a0525921ff54f1193db83d7303c6ee8.r2.dev/poltos.zip

Extracted

Family

lumma

C2

https://w0rdergen1.cyou/api

Targets

- Target
  
  ps.ps1
- Size
  
  472B
- MD5
  
  ef0d9527ca42f62ee38b929d577435d1
- SHA1
  
  00f9fb6240e0bb430a793dee9275ff0454f7c8c9
- SHA256
  
  ed89e47950562f8720f044b3e92c359051d063681ecebf645e5c9ecc11517ac4
- SHA512
  
  731f2950c30498f1d51274977293e95f13229a647f7249cfc52dd9f6db97108b1056deba9e8a0ec5f4b19755567632e2c3ee9816a5b47f7880f940b951addb50
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2