Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1313969251027128395/1317947051119743006/Void-Activator.exe?ex=67784457&is=6776f2d7&hm=f6d5e98cc3b69545e18a8b8b1aade95386350d8082702365e8e58134c47d7d18&

  • Sample

    250103-a2cjqavqfj

Score
10/10
lummadiscoverypersistencestealer

Malware Config

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Targets

    • Target

      https://cdn.discordapp.com/attachments/1313969251027128395/1317947051119743006/Void-Activator.exe?ex=67784457&is=6776f2d7&hm=f6d5e98cc3b69545e18a8b8b1aade95386350d8082702365e8e58134c47d7d18&

    Score
    10/10
    lummadiscoverypersistencestealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks