lumma | cec8edd890e127b429f7801501f8637036048ca6f2d3c64b2c4d64f2168b07fd

General

Target

34.ps1
Size

1KB
Sample

250122-wfs58synam
MD5

68bddac7ac658f9f72b58f984399756f
SHA1

f424b6c82945ddb068f8f7bc2f6ff2a72f5bf2d9
SHA256

cec8edd890e127b429f7801501f8637036048ca6f2d3c64b2c4d64f2168b07fd
SHA512

cb56d4642ec4cf77a96c059094cc9261a7136bdce4c313dcacae6e94db6e320dafb9be5498e33524315a21fc0d10a4c7d663b3bd096957c773df7de9c34d8d98

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
shaileshvisionaryastrologer.com
Port:
21
Username:
AstroVision
Password:
Ve!0mh16

Extracted

Family

lumma

C2

https://suggestyuoz.biz/api

Targets

- Target
  
  34.ps1
- Size
  
  1KB
- MD5
  
  68bddac7ac658f9f72b58f984399756f
- SHA1
  
  f424b6c82945ddb068f8f7bc2f6ff2a72f5bf2d9
- SHA256
  
  cec8edd890e127b429f7801501f8637036048ca6f2d3c64b2c4d64f2168b07fd
- SHA512
  
  cb56d4642ec4cf77a96c059094cc9261a7136bdce4c313dcacae6e94db6e320dafb9be5498e33524315a21fc0d10a4c7d663b3bd096957c773df7de9c34d8d98
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2