General

  • Target

    script.py

  • Size

    1KB

  • Sample

    250106-y4ct9swqdt

  • MD5

    447d04e6fcbef9b66eafa28b3a928a60

  • SHA1

    4d716e1dd2520f1c9ab5d1a79f75c87a63101fa7

  • SHA256

    6ec6c001e46e69a80acd54e349d6475a8198fc7178947c8cda9b56a244d6d6a3

  • SHA512

    2c85aa2234e17bce10e51340fc99214e39fffe56b8c035aacd9be8f4a2c0806dcd8ce3f3762035904e43d4006e54f493fbccf32d7acdf9cfaec487453c5ece50

Malware Config

  • Extracted

    • Language

      ps1

    • Deobfuscated URLs (ps1.dropper)

      https://kliphylj.shop/sercd.json

  • Extracted

    • Family

      lumma

    • C2

      https://wholersorie.shop/api

      https://tirepublicerj.shop/api

      https://noisycuttej.shop/api

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks