General

  • Target

    aaaa.ps1

  • Size

    451B

  • Sample

    241122-f1jvas1ldm

  • MD5

    9a6ccc9afb164bff29d969bb8e6b5624

  • SHA1

    79e602dee0b7a411e5db13739b43fae1ac2c0dd3

  • SHA256

    b9f126c04bb56be08519685eb906a650027fc68931015b7202e09373766155ea

  • SHA512

    03faa5b073947f90fbba90f2292537442dc91b89c9778c3cc4ee81c5e7cc5b662558c6b30284f7fbc16ea8af7ec80ea6990b4f22f5f5620037a76789fbde11b6

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://bot-check-zip.b-cdn.net/file222.zip

Extracted

Family

lumma

C2

https://stopruthless.cyou/api

Targets

    • Target

      aaaa.ps1

    • Size

      451B

    • MD5

      9a6ccc9afb164bff29d969bb8e6b5624

    • SHA1

      79e602dee0b7a411e5db13739b43fae1ac2c0dd3

    • SHA256

      b9f126c04bb56be08519685eb906a650027fc68931015b7202e09373766155ea

    • SHA512

      03faa5b073947f90fbba90f2292537442dc91b89c9778c3cc4ee81c5e7cc5b662558c6b30284f7fbc16ea8af7ec80ea6990b4f22f5f5620037a76789fbde11b6

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks