Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://buzzheavier....

windows10-2004-x64

10

Resubmissions

26-11-2024 17:18

241126-vvh35s1jg1 10

26-11-2024 17:17

241126-vt7eca1jf1 3

26-11-2024 17:17

241126-vt2h4a1jfv 1

26-11-2024 17:17

241126-vtwmva1jfs 1

26-11-2024 17:14

241126-vr2fbaxjfq 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://buzzheavier.com/o6nb6p4b4lcv

  • Sample

    241126-vvh35s1jg1

Score
10/10
lummadiscoveryphishingstealer

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://winterchill.shop/api

Extracted

Family

lumma

C2

https://winterchill.shop/api

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

https://disobey-curly.sbs/api

https://motion-treesz.sbs/api

https://powerful-avoids.sbs/api

Targets

    • Target

      https://buzzheavier.com/o6nb6p4b4lcv

    Score
    10/10
    lummadiscoveryphishingstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • A potential corporate email address has been identified in the URL: #Pa$$w0𝑅D-5917__Sat-Up@!

      phishing

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks