General

  • Target

    iVgo3EsQ.ps1

  • Size

    5.7MB

  • Sample

    250121-cc9h9szqbr

  • MD5

    3250b4b574d23e89b23a2969d313f5b8

  • SHA1

    5ef2378f4aa0ed8c720c7af00471f9fe7578f382

  • SHA256

    97f3cdbd70d325b46be415aa5c26cf5fdc0b40a2d513aeb2333bb62d197e636c

  • SHA512

    6f5fae577d34f255a7de885e359b8b8139c518a788bc702b3c30ff47a514286afa7efd4564d988a40936f717fa8301707397721aaa2e0c71052fe65152b7274c

  • SSDEEP

    768:3Vd4nG1SSVAd1FOrXDdsePBiVtXsOEt5FzxSiMyIVwapmiwkUFcDmWuwR60C3e/R:3VoRbq3rW

Malware Config

Extracted

  • Family

    lumma

  • C2

Targets

    • Target

      iVgo3EsQ.ps1

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ that was first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15