General
-
Target
https://www.mediafire.com/file/ltemareyq1pmqgy/#Pa$$C%C5%8C%F0%9D%94%BBe--2275__OpeN-Se-tUp@!#.zip/file
-
Sample
250106-g34sxsylbz
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
https://swingybeattyz.sbs/api
Extracted
lumma
https://swingybeattyz.sbs/api
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Targets
-
-
Target
https://www.mediafire.com/file/ltemareyq1pmqgy/#Pa$$C%C5%8C%F0%9D%94%BBe--2275__OpeN-Se-tUp@!#.zip/file
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: #Pa$$CŌ𝔻e--2275__OpeN-Se-tUp@!#
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-