lumma | b9f126c04bb56be08519685eb906a650027fc68931015b7202e09373766155ea

General

Target

aaaa.ps1
Size

451B
Sample

241122-fxfcpsvmfy
MD5

9a6ccc9afb164bff29d969bb8e6b5624
SHA1

79e602dee0b7a411e5db13739b43fae1ac2c0dd3
SHA256

b9f126c04bb56be08519685eb906a650027fc68931015b7202e09373766155ea
SHA512

03faa5b073947f90fbba90f2292537442dc91b89c9778c3cc4ee81c5e7cc5b662558c6b30284f7fbc16ea8af7ec80ea6990b4f22f5f5620037a76789fbde11b6

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://bot-check-zip.b-cdn.net/file222.zip

Extracted

Family

lumma

C2

https://stopruthless.cyou/api

Targets

- Target
  
  aaaa.ps1
- Size
  
  451B
- MD5
  
  9a6ccc9afb164bff29d969bb8e6b5624
- SHA1
  
  79e602dee0b7a411e5db13739b43fae1ac2c0dd3
- SHA256
  
  b9f126c04bb56be08519685eb906a650027fc68931015b7202e09373766155ea
- SHA512
  
  03faa5b073947f90fbba90f2292537442dc91b89c9778c3cc4ee81c5e7cc5b662558c6b30284f7fbc16ea8af7ec80ea6990b4f22f5f5620037a76789fbde11b6
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2