General
-
Target
botlobby12.b-cdn.net_IVLVIOYW.txt.ps1.ps1
-
Size
33.3MB
-
Sample
241126-tkga5avldl
-
MD5
5418685e5a0cde78582f1e7086bc11c5
-
SHA1
44b8a7eb1e68d3d49aa77dc55cbaafa089b6b410
-
SHA256
6d8c4d326c1da4c9fd6c410030b725cf4a54a76f29030d786dc3df8ab06c687f
-
SHA512
86024aaec09bf12b531e8577de76639bbe97decee1fb6eec6704f177df74b4460f5c4d6e5d0e5bf37736c338e449cce3526eda02bba9bbd47b4dcd4ba420fb52
-
SSDEEP
49152:mD6Y62P93RoIy7QjmQMEymPv6CnJAc0U+pKAT6+nOLgYQw1gGZ2u/scENOuKQwNP:k
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://oak-smash.cyou
Extracted
lumma
https://oak-smash.cyou/api
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
https://disobey-curly.sbs/api
https://motion-treesz.sbs/api
https://powerful-avoids.sbs/api
Targets
-
-
Target
botlobby12.b-cdn.net_IVLVIOYW.txt.ps1.ps1
-
Size
33.3MB
-
MD5
5418685e5a0cde78582f1e7086bc11c5
-
SHA1
44b8a7eb1e68d3d49aa77dc55cbaafa089b6b410
-
SHA256
6d8c4d326c1da4c9fd6c410030b725cf4a54a76f29030d786dc3df8ab06c687f
-
SHA512
86024aaec09bf12b531e8577de76639bbe97decee1fb6eec6704f177df74b4460f5c4d6e5d0e5bf37736c338e449cce3526eda02bba9bbd47b4dcd4ba420fb52
-
SSDEEP
49152:mD6Y62P93RoIy7QjmQMEymPv6CnJAc0U+pKAT6+nOLgYQw1gGZ2u/scENOuKQwNP:k
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-