Overview

overview

10

Static

static

1

redirect.html

windows10-2004-x64

10

redirect.html

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    redirect

  • Size

    6KB

  • Sample

    241127-jxlq9s1qfk

  • MD5

    714163d1a88da215b7dd9fb8143c2605

  • SHA1

    008b1e292c3942192a4c2e0abc432775a39a49e2

  • SHA256

    9afca0afcd89489efd32e234e102297ebcc1c2ba58441c66c9d3a21fc882ead6

  • SHA512

    9d20134adfb5487c75d27746fd55c38d93ac55486142066964ad306a2c0be3e46122418cb58568c7b21cf5cd178675d98d634ab00fc590f6e7b7a8cac01b8a66

  • SSDEEP

    192:dEHLxX7777/77QF7ByrK0Lod4BYCIksOqXeTn:dEr5HYJ0+CIksOqXi

Score
10/10
lummadiscoverymotwphishingstealer

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://property-imper.sbs

Targets

    • Target

      redirect

    • Size

      6KB

    • MD5

      714163d1a88da215b7dd9fb8143c2605

    • SHA1

      008b1e292c3942192a4c2e0abc432775a39a49e2

    • SHA256

      9afca0afcd89489efd32e234e102297ebcc1c2ba58441c66c9d3a21fc882ead6

    • SHA512

      9d20134adfb5487c75d27746fd55c38d93ac55486142066964ad306a2c0be3e46122418cb58568c7b21cf5cd178675d98d634ab00fc590f6e7b7a8cac01b8a66

    • SSDEEP

      192:dEHLxX7777/77QF7ByrK0Lod4BYCIksOqXeTn:dEr5HYJ0+CIksOqXi

    Score
    10/10
    lummadiscoverymotwphishingstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

      phishingmotw

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks