Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bmy7etxgksxo...

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://bmy7etxgksxo.objectstorage.sa-santiago-1.oci.customer-oci.com/n/bmy7etxgksxo/b/just/o/verif-process-step-final.html

  • Sample

    250106-rr8ylsynaw

Score
10/10
lummadiscoveryexecutionphishingstealer

Malware Config

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

Targets

    • Target

      https://bmy7etxgksxo.objectstorage.sa-santiago-1.oci.customer-oci.com/n/bmy7etxgksxo/b/just/o/verif-process-step-final.html

    Score
    10/10
    lummadiscoveryexecutionphishingstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Blocklisted process makes network request

    • A potential corporate email address has been identified in the URL: currency-file@1

      phishing

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in System32 directory

    • Enumerates processes with tasklist

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks