Overview

overview

10

Static

static

1

mal.ps1

windows7-x64

10

mal.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mal.ps1

  • Size

    477B

  • Sample

    250120-lrmsgstjdt

  • MD5

    106e8b1d646ba58948fa57cd919784b5

  • SHA1

    3c85495907a81aef34897e341703d2f7ad92a15b

  • SHA256

    572175d8c355a0e9e993eb3855fbb8b8aaac38ebb57eb14eb4757d52ec4605a7

  • SHA512

    a203b40d0b577f8e113c449520da60ad194e031be591132c6cbce38a7afa21fe4f6ea6cd88e27d4bdc42ec12acbb5861175be62a3b721968906f754a44d038ac

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://n.kliphirofey.shop/43cee3481683f8897547367aa517dd31.png

Extracted

Family

lumma

C2

https://writeimgaiin.cyou/api

Targets

    • Target

      mal.ps1

    • Size

      477B

    • MD5

      106e8b1d646ba58948fa57cd919784b5

    • SHA1

      3c85495907a81aef34897e341703d2f7ad92a15b

    • SHA256

      572175d8c355a0e9e993eb3855fbb8b8aaac38ebb57eb14eb4757d52ec4605a7

    • SHA512

      a203b40d0b577f8e113c449520da60ad194e031be591132c6cbce38a7afa21fe4f6ea6cd88e27d4bdc42ec12acbb5861175be62a3b721968906f754a44d038ac

    Score
    10/10
    discoveryexecutionlummastealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks