lumma | b260f38480746bb3769dbbc23802b3207b093e552d61b3e787386b94b081e31f

General

Target

b260f38480746bb3769dbbc23802b3207b093e552d61b3e787386b94b081e31f
Size

80KB
Sample

250121-xb6ffawqet
MD5

07fd51e1e8368144ea403137a671b84c
SHA1

b41a78c43c5bf58f6664cb455130c9501c370f05
SHA256

b260f38480746bb3769dbbc23802b3207b093e552d61b3e787386b94b081e31f
SHA512

854a57be09cb09217d268f9e5c2d9ce5da8cbed1fa75c3ec38cc2f1b323377cdbd4db29687fa01e186a1cad6a2ee2e18f8645f98f551eeaa9805269a21354dd7
SSDEEP

1536:Y2ShYtT4To+GdOfoPXRr9tXLtAuQeSVdJssWdcd7IW3+ZR+ueK:Y2z0To+GdlhrbwJJ7IW3+n+ue

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://147.45.44.131/infopage/ioubcs.exe

exe.dropper

http://147.45.44.131/infopage/ioubcs.exe

Extracted

Family

lumma

C2

https://factlosserk.click/api

Targets

- Target
  
  b260f38480746bb3769dbbc23802b3207b093e552d61b3e787386b94b081e31f
- Size
  
  80KB
- MD5
  
  07fd51e1e8368144ea403137a671b84c
- SHA1
  
  b41a78c43c5bf58f6664cb455130c9501c370f05
- SHA256
  
  b260f38480746bb3769dbbc23802b3207b093e552d61b3e787386b94b081e31f
- SHA512
  
  854a57be09cb09217d268f9e5c2d9ce5da8cbed1fa75c3ec38cc2f1b323377cdbd4db29687fa01e186a1cad6a2ee2e18f8645f98f551eeaa9805269a21354dd7
- SSDEEP
  
  1536:Y2ShYtT4To+GdOfoPXRr9tXLtAuQeSVdJssWdcd7IW3+ZR+ueK:Y2z0To+GdlhrbwJJ7IW3+n+ue
Score

10^/10

discovery lumma execution stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Downloads MZ/PE file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2