Overview

overview

10

Static

static

10

joas.ps1

windows7-x64

3

joas.ps1

windows10-2004-x64

10

Resubmissions

20-01-2025 08:17

250120-j6swyaznfv 10

20-01-2025 08:15

250120-j5ww7szndt 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    joas.txt

  • Size

    563B

  • Sample

    250120-j6swyaznfv

  • MD5

    eec107adc7556820c3e5dd605ae5c0e2

  • SHA1

    17678792ec06e9d8e46a2159661206ef4b353bdb

  • SHA256

    ffc9ec8e21fc71ca14866897da1ad0402de51d94d17555274d486b79b3e1f8f1

  • SHA512

    532e1a6e3226ecaad18e0cb498473f2f458e6fefc6362eaa12517bc00f970c05260ee4072b87eda01eab5fb9517d0a1759615262fc408d707d7d435b115f9be5

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://fransize-veryf.com/gamdome.zip

Extracted

Family

lumma

C2

https://mushyomittel.cyou/api

Targets

    • Target

      joas.txt

    • Size

      563B

    • MD5

      eec107adc7556820c3e5dd605ae5c0e2

    • SHA1

      17678792ec06e9d8e46a2159661206ef4b353bdb

    • SHA256

      ffc9ec8e21fc71ca14866897da1ad0402de51d94d17555274d486b79b3e1f8f1

    • SHA512

      532e1a6e3226ecaad18e0cb498473f2f458e6fefc6362eaa12517bc00f970c05260ee4072b87eda01eab5fb9517d0a1759615262fc408d707d7d435b115f9be5

    Score
    10/10
    executionlummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks