General

  • Target

    97f3cdbd70d325b46be415aa5c26cf5fdc0b40a2d513aeb2333bb62d197e636c.ps1

  • Size

    5.7MB

  • Sample

    250122-dl92tswjbq

  • MD5

    3250b4b574d23e89b23a2969d313f5b8

  • SHA1

    5ef2378f4aa0ed8c720c7af00471f9fe7578f382

  • SHA256

    97f3cdbd70d325b46be415aa5c26cf5fdc0b40a2d513aeb2333bb62d197e636c

  • SHA512

    6f5fae577d34f255a7de885e359b8b8139c518a788bc702b3c30ff47a514286afa7efd4564d988a40936f717fa8301707397721aaa2e0c71052fe65152b7274c

  • SSDEEP

    768:3Vd4nG1SSVAd1FOrXDdsePBiVtXsOEt5FzxSiMyIVwapmiwkUFcDmWuwR60C3e/R:3VoRbq3rW

Malware Config

Extracted

Family

lumma

C2


Targets

    • Target

      97f3cdbd70d325b46be415aa5c26cf5fdc0b40a2d513aeb2333bb62d197e636c.ps1


    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
