lumma | 47b71556865351eaf445aaba6a0c6fd53322d8294ea2da5be78d184ce746ff3f

General

Target

protocol.ps1
Size

638B
Sample

241122-f7mvja1mdj
MD5

438bdde142d374368c77b97a7a1561c6
SHA1

de1663c0d3760ed9c012610a85e58d21d2af90ca
SHA256

47b71556865351eaf445aaba6a0c6fd53322d8294ea2da5be78d184ce746ff3f
SHA512

86663e3284b95dd235417fee177bbc9e519abd05ae7cc03eab34b814e34a82fb8cb30939ba4bfa357ea70644a9504248514d951736d6de591668d6136dac9fba

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://encryptedzip.oss-ap-southeast-1.aliyuncs.com/protocol.zip

Extracted

Family

lumma

C2

https://stopruthless.cyou/api

Targets

- Target
  
  protocol.ps1
- Size
  
  638B
- MD5
  
  438bdde142d374368c77b97a7a1561c6
- SHA1
  
  de1663c0d3760ed9c012610a85e58d21d2af90ca
- SHA256
  
  47b71556865351eaf445aaba6a0c6fd53322d8294ea2da5be78d184ce746ff3f
- SHA512
  
  86663e3284b95dd235417fee177bbc9e519abd05ae7cc03eab34b814e34a82fb8cb30939ba4bfa357ea70644a9504248514d951736d6de591668d6136dac9fba
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2