General
-
Target
https://storage-prod-do-blr1-c.transfernow.net/files/2024-12-31%2F50881acb09bfe9169b09851e682d9750%2F20241231mbPXRY6g%2F6qtuPo%2FRelease-x64.zip?fileName=Release-x64.zip&bucketName=tnow-prod-apac&bucketId=6713bc8a-6b2c-4105-a432-4ff791c2ab89&size=20590647&singleFile=true&storageCache=true&x-amz-server-side-encryption-customer-algorithm=AES256&x-amz-server-side-encryption-customer-key=qX8L58lkXHtloqHC2VoqtciGSfMgTJBrZYdYl%2BafW3Y%3D&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXRoIjoiL2ZpbGVzLzIwMjQtMTItMzElMkY1MDg4MWFjYjA5YmZlOTE2OWIwOTg1MWU2ODJkOTc1MCUyRjIwMjQxMjMxbWJQWFJZNmclMkY2cXR1UG8lMkZSZWxlYXNlLXg2NC56aXAiLCJpYXQiOjE3MzYwMTQ1MTcsImV4cCI6MTczNjAxNDYzN30.NAdmmrvsE9Po78rDXQdvJ_QMI5rU62WV16NfdK95tF4
-
Sample
250104-wv7beasqdj
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
Targets
-
-
Target
https://storage-prod-do-blr1-c.transfernow.net/files/2024-12-31%2F50881acb09bfe9169b09851e682d9750%2F20241231mbPXRY6g%2F6qtuPo%2FRelease-x64.zip?fileName=Release-x64.zip&bucketName=tnow-prod-apac&bucketId=6713bc8a-6b2c-4105-a432-4ff791c2ab89&size=20590647&singleFile=true&storageCache=true&x-amz-server-side-encryption-customer-algorithm=AES256&x-amz-server-side-encryption-customer-key=qX8L58lkXHtloqHC2VoqtciGSfMgTJBrZYdYl%2BafW3Y%3D&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXRoIjoiL2ZpbGVzLzIwMjQtMTItMzElMkY1MDg4MWFjYjA5YmZlOTE2OWIwOTg1MWU2ODJkOTc1MCUyRjIwMjQxMjMxbWJQWFJZNmclMkY2cXR1UG8lMkZSZWxlYXNlLXg2NC56aXAiLCJpYXQiOjE3MzYwMTQ1MTcsImV4cCI6MTczNjAxNDYzN30.NAdmmrvsE9Po78rDXQdvJ_QMI5rU62WV16NfdK95tF4
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Executes dropped EXE
-