General

  • Target

    target.ps1

  • Size

    98B

  • Sample

    241128-nbtbfawjds

  • MD5

    47b5c1e06d1c3e35f18a44e4892eaf78

  • SHA1

    99592d69c3d3718f399e633c92f6281486a58daf

  • SHA256

    aa977912f1d7f7ef671bf417b5726d838aeab0e217251613a7811f4a710143ba

  • SHA512

    0023a04da2dc1ec90a190386ab71a8d6eb3ef07d39652053527700f93ecd5243db6036ce6d232f886cf20981e9d9bf2025fc9e5a3fe07fe2de652d004b96f12d

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://motionless-temper.cyou

Extracted

Family

lumma

C2

https://motionless-temper.cyou/api
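
The C2 list above is the most directly actionable part of the report. Below is an added example (not part of the sandbox report or the Lumma analysis) that turns it into a retrohunt: it collapses the extracted URLs to hostnames, scans proxy/DNS log lines for those hosts or their subdomains on a dot boundary, and checks a file against the report's SHA256. The C2 URLs and the hash are copied from the report; the log format and the log lines are constructed for the example.

```python
"""IOC hunt for the Lumma C2 config extracted from this sample.

Added example, not part of the sandbox report: the C2 URLs and the SHA256
are copied from the report; the proxy/DNS log lines below are constructed.
"""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the two extracted config blocks above.
LUMMA_C2_URLS = [
    "https://powerful-avoids.sbs",
    "https://motion-treesz.sbs",
    "https://disobey-curly.sbs",
    "https://leg-sate-boat.sbs",
    "https://story-tense-faz.sbs",
    "https://blade-govern.sbs",
    "https://occupy-blushi.sbs",
    "https://frogs-severz.sbs",
    "https://motionless-temper.cyou",
    "https://motionless-temper.cyou/api",
]

# SHA256 of target.ps1 as reported above.
SAMPLE_SHA256 = "aa977912f1d7f7ef671bf417b5726d838aeab0e217251613a7811f4a710143ba"


def c2_domains(urls=LUMMA_C2_URLS):
    """Reduce the config URLs to a sorted, de-duplicated list of hostnames.

    Lumma varies the path (/api in the second config) but the host is what
    shows up in DNS and proxy telemetry, so hunt on the host, not the URL.
    """
    return sorted({urlparse(u).hostname.lower() for u in urls})


# Pulls a hostname out of a proxy URL or a DNS query name.  The trailing
# alphabetic label means "10.0.0.5" and bare words like "GET" do not match.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})\b", re.I)

# Constructed log lines (assumed format: epoch, client, verb/qtype, target).
SAMPLE_LOG = """\
1732780001 10.0.0.5 GET https://www.example.com/ 200
1732780002 10.0.0.5 POST https://motionless-temper.cyou/api 200
1732780003 10.0.0.7 A powerful-avoids.sbs
1732780004 10.0.0.9 A www.motionless-temper.cyou.evil.test
1732780005 10.0.0.5 GET https://cdn.example.net/x.js 200
1732780006 10.0.0.7 A cdn.frogs-severz.sbs
"""


def hunt(log_text, domains=None):
    """Return (line_no, host) for each line whose host is a C2 domain or a
    subdomain of one.  Suffix matching is done on a dot boundary, so
    'motionless-temper.cyou.evil.test' does not match 'motionless-temper.cyou'
    while 'cdn.frogs-severz.sbs' does match 'frogs-severz.sbs'."""
    dset = set(domains if domains is not None else c2_domains())
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for m in HOST_RE.finditer(line):
            host = m.group(1).lower().rstrip(".")
            if host in dset or any(host.endswith("." + d) for d in dset):
                hits.append((n, host))
                break
    return hits


def matches_sample(data):
    """True when `data` hashes to the report's SHA256 for target.ps1."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for n, host in hunt(SAMPLE_LOG):
        print(f"line {n}: {host}")
```

Matching on hostnames rather than the full `/api` URL is deliberate: the second extracted config shows the same domain with a path appended, and a URL-exact match would miss DNS-only telemetry entirely. The fourth log line is there to show why a plain substring check is the wrong tool.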

Targets

    • Target

      target.ps1


    • Lumma Stealer, LummaC

      Lumma (also tracked as LummaC) is an information stealer written in C++, first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
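
The "Adds Run key to start application" signature together with "Executes dropped EXE" is the persistence pattern worth chasing on an endpoint. The following is an added example, not taken from the sandbox report: it screens Sysmon Event ID 13 (RegistryEvent, value set) records for Run/RunOnce writes made by a script host such as powershell.exe or pointing at a user-writable path, which is how a small .ps1 stager normally registers a dropped executable. The field names follow Sysmon's event schema; the event records, paths and value names are constructed for the example.

```python
"""Persistence triage for the 'Adds Run key to start application' signature.

Added example, not from the sandbox report.  Field names follow Sysmon's
schema; the events themselves are constructed for the example.
"""
import ntpath

# Registry path fragments that mark an autorun value (compared lower-case).
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)
# Script hosts that have little business creating autorun values.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Directories a non-admin user can write to; a dropped EXE lands here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed Sysmon records (a realistic subset of the event fields).
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\alice\\AppData\\Roaming\\svc\\update.exe"},
    {"EventID": 13,
     "Image": "C:\\Program Files\\Vendor\\Setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray",
     "Details": "\"C:\\Program Files\\Vendor\\tray.exe\" /background"},
    {"EventID": 1,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File target.ps1"},
    {"EventID": 13,
     "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Sync",
     "Details": "C:\\Users\\alice\\AppData\\Local\\Sync\\sync.exe"},
]


def is_run_key_write(event):
    """True for a Sysmon value-set event (ID 13) under a Run or RunOnce key."""
    if event.get("EventID") != 13:
        return False
    target = event.get("TargetObject", "").lower()
    return any(marker in target for marker in RUN_KEY_MARKERS)


def classify(event):
    """Reasons a Run-key write looks suspicious; an empty list means
    nothing in this event alone stands out."""
    reasons = []
    image = ntpath.basename(event.get("Image", "")).lower()
    if image in SCRIPT_HOSTS:
        reasons.append(f"written by script host {image}")
    details = event.get("Details", "").lower()
    if any(p in details for p in USER_WRITABLE):
        reasons.append("autorun target lives in a user-writable directory")
    return reasons


def suspicious_run_key_writes(events):
    """Keep only Run-key writes that trip at least one heuristic."""
    hits = []
    for ev in events:
        if not is_run_key_write(ev):
            continue
        reasons = classify(ev)
        if reasons:
            hits.append({"value": ev["TargetObject"].rsplit("\\", 1)[-1],
                         "image": ntpath.basename(ev["Image"]),
                         "target": ev.get("Details", ""),
                         "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in suspicious_run_key_writes(SAMPLE_EVENTS):
        print(hit["value"], hit["image"], hit["target"], "; ".join(hit["reasons"]))
```

The explorer.exe record is included on purpose: user-installed sync clients also register themselves from AppData, so the user-writable heuristic alone is noisy. Weight the script-host reason higher, and corroborate a hit with the other signatures on this report (a dropped EXE or DLL and a network request from a blocklisted process) before treating it as Lumma persistence.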

MITRE ATT&CK Enterprise v15

Tasks