lumma | 47110ef49f5b24c718d63e79c4cbbb0121bdfc4889d42febe5a5409a2f2f3899 | Triage

Sharing

General

Target

47110ef49f5b24c718d63e79c4cbbb0121bdfc4889d42febe5a5409a2f2f3899.unknown
Size

459B
Sample

241123-ctv27s1qgk
MD5

a08cd6c1b50f050a764180741c3b32c4
SHA1

8e490919f1fa3ee1a75fd59fa3426d95cc455bd4
SHA256

47110ef49f5b24c718d63e79c4cbbb0121bdfc4889d42febe5a5409a2f2f3899
SHA512

e5a799d4c3c8572ea4a127ab9ee73d85b80c3339f4d0b73b44b6b183764732bac7e3a19aa9baa86ebb3c4cbf6b1a5c5f102075e3d8401473c657131a8172d77a

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://pub-7a0525921ff54f1193db83d7303c6ee8.r2.dev/poltos.zip

Extracted

Family

lumma

C2

https://w0rdergen1.cyou/api

Targets

- Target
  
  47110ef49f5b24c718d63e79c4cbbb0121bdfc4889d42febe5a5409a2f2f3899.unknown
- Size
  
  459B
- MD5
  
  a08cd6c1b50f050a764180741c3b32c4
- SHA1
  
  8e490919f1fa3ee1a75fd59fa3426d95cc455bd4
- SHA256
  
  47110ef49f5b24c718d63e79c4cbbb0121bdfc4889d42febe5a5409a2f2f3899
- SHA512
  
  e5a799d4c3c8572ea4a127ab9ee73d85b80c3339f4d0b73b44b6b183764732bac7e3a19aa9baa86ebb3c4cbf6b1a5c5f102075e3d8401473c657131a8172d77a
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoveryexecutionstealer