lumma | a33973f5db28149436244ea6de4fb1eec9f297b795b949f293bfc322504d9510 | Triage

Sharing

General

Target

stage1.ps1
Size

2KB
Sample

250123-zfcd9ssmbv
MD5

9cc29d3f5d6f3a35268cde9622b1ac9a
SHA1

241b1037acf1d713fc90239739428e3d3c0b9ad2
SHA256

a33973f5db28149436244ea6de4fb1eec9f297b795b949f293bfc322504d9510
SHA512

7a76b35c761708c4c01e2838ef39edeed740201274586649368bcd92e4edb230e68e6cd78880b68f6ef1f2bcb4785e45b19ab3da23d5dcaabae20b25ffacf95e

Score

10^/10

lumma discovery execution stealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Targets

- Target
  
  stage1.ps1
- Size
  
  2KB
- MD5
  
  9cc29d3f5d6f3a35268cde9622b1ac9a
- SHA1
  
  241b1037acf1d713fc90239739428e3d3c0b9ad2
- SHA256
  
  a33973f5db28149436244ea6de4fb1eec9f297b795b949f293bfc322504d9510
- SHA512
  
  7a76b35c761708c4c01e2838ef39edeed740201274586649368bcd92e4edb230e68e6cd78880b68f6ef1f2bcb4785e45b19ab3da23d5dcaabae20b25ffacf95e
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoveryexecutionstealer