General
-
Target
https://epsil1.pro
-
Sample
250109-kj3cjaxkhn
Score
10/10
Malware Config
Extracted
Family
lumma
C2
https://robinsharez.shop/api
https://handscreamny.shop/api
https://chipdonkeruz.shop/api
https://versersleep.shop/api
https://crowdwarek.shop/api
https://apporholis.shop/api
https://femalsabler.shop/api
https://soundtappysk.shop/api
Targets
-
-
Target
https://epsil1.pro
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
A potential corporate email address has been identified in the URL: [email protected]
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-