lumma | 1ee68dd6977f00a68a00b3331b728eeeffb1b0b0fc95c4a71594bef995f80bd0

General

Target

Test.ps1
Size

2KB
Sample

250126-xb1vysyrhw
MD5

1bc29571638a14d15437d650c7f8b5d6
SHA1

4a31f2ec99a7747af18cf7caa96950b80601da2b
SHA256

1ee68dd6977f00a68a00b3331b728eeeffb1b0b0fc95c4a71594bef995f80bd0
SHA512

a9ccfc4e7da5f4159b0056ee738bb95262b9fb74baeb7844efad31331a60a13a34ab4784712a8d59f11b5557e48eabd4872bb05e80139ec08510fabf76ba5eb2

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Targets

- Target
  
  Test.ps1
- Size
  
  2KB
- MD5
  
  1bc29571638a14d15437d650c7f8b5d6
- SHA1
  
  4a31f2ec99a7747af18cf7caa96950b80601da2b
- SHA256
  
  1ee68dd6977f00a68a00b3331b728eeeffb1b0b0fc95c4a71594bef995f80bd0
- SHA512
  
  a9ccfc4e7da5f4159b0056ee738bb95262b9fb74baeb7844efad31331a60a13a34ab4784712a8d59f11b5557e48eabd4872bb05e80139ec08510fabf76ba5eb2
Score

10^/10

execution lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2