Resubmissions

30/03/2025, 02:54

250330-dd4j3s1ky7 10

30/03/2025, 02:21

250330-ctgjtax1at 10

General

  • Target

    https://www.doorsplus.com.au/just-a-moment/

  • Sample

    250330-dd4j3s1ky7

Malware Config

Extracted

Family

lumma

C2

Targets

    • Target

      https://www.doorsplus.com.au/just-a-moment/

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks