General
-
Target
https://warepc.net/wondershare-filmora-crack/
-
Sample
250119-vrgqxaxmes
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://warepc.net/wondershare-filmora-crack/
Resource
win10v2004-20241007-en
Malware Config
Extracted
lumma
https://comptetscant.shop/api
Targets
Target
https://warepc.net/wondershare-filmora-crack/
Score 10/10
Lumma family
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used to control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Modify Authentication Process: 1
Steal Web Session Cookie: 1
Unsecured Credentials: 2
Credentials In Files: 2
Discovery
Browser Information Discovery: 1
Network Share Discovery: 1
Peripheral Device Discovery: 1
Process Discovery: 1
Query Registry: 5
System Information Discovery: 5
System Location Discovery: 1
System Language Discovery: 1
System Network Configuration Discovery: 1
Internet Connection Discovery: 1