General

  • Target

    protocol.ps1

  • Size

    638B

  • Sample

    241122-f2229s1lfl

  • MD5

    438bdde142d374368c77b97a7a1561c6

  • SHA1

    de1663c0d3760ed9c012610a85e58d21d2af90ca

  • SHA256

    47b71556865351eaf445aaba6a0c6fd53322d8294ea2da5be78d184ce746ff3f

  • SHA512

    86663e3284b95dd235417fee177bbc9e519abd05ae7cc03eab34b814e34a82fb8cb30939ba4bfa357ea70644a9504248514d951736d6de591668d6136dac9fba

Malware Config

  • Extracted

    Language

    ps1

    Deobfuscated

    URLs

    exe.dropper

    https://encryptedzip.oss-ap-southeast-1.aliyuncs.com/protocol.zip

  • Extracted

    Family

    lumma

    C2

    https://stopruthless.cyou/api

Targets

    • Target

      protocol.ps1

    • Size

      638B

    • MD5

      438bdde142d374368c77b97a7a1561c6

    • SHA1

      de1663c0d3760ed9c012610a85e58d21d2af90ca

    • SHA256

      47b71556865351eaf445aaba6a0c6fd53322d8294ea2da5be78d184ce746ff3f

    • SHA512

      86663e3284b95dd235417fee177bbc9e519abd05ae7cc03eab34b814e34a82fb8cb30939ba4bfa357ea70644a9504248514d951736d6de591668d6136dac9fba

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks