Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
|
AV Detection |
---|
Source: |
Avira: |
Source: |
Malware Configuration Extractor: |
Source: |
Integrated Neural Analysis Model: |
Source: |
Joe Sandbox ML: |
Source: |
Joe Sandbox ML: |
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
Source: |
Code function: |
0_2_0088D7F8 |
Source: |
Static PE information: |
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
Source: |
Binary string: |
Source: |
Code function: |
0_2_0087EC20 | |
Source: |
Code function: |
0_2_0088104F | |
Source: |
Code function: |
0_2_008B4C40 | |
Source: |
Code function: |
0_2_0087E1A0 | |
Source: |
Code function: |
0_2_008AE210 | |
Source: |
Code function: |
0_2_0087CF90 | |
Source: |
Code function: |
0_2_0089AB20 | |
Source: |
Code function: |
0_2_0089AB20 | |
Source: |
Code function: |
0_2_00875890 | |
Source: |
Code function: |
0_2_008AFC90 | |
Source: |
Code function: |
0_2_008814CE | |
Source: |
Code function: |
0_2_0088E07E | |
Source: |
Code function: |
0_2_0087BD50 | |
Source: |
Code function: |
0_2_0087BD50 | |
Source: |
Code function: |
0_2_00898290 | |
Source: |
Code function: |
0_2_008B3A90 | |
Source: |
Code function: |
0_2_00891EC5 | |
Source: |
Code function: |
0_2_00891EC5 | |
Source: |
Code function: |
0_2_00878EF0 | |
Source: |
Code function: |
0_2_00874BA0 |
Networking |
---|
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
Source: |
HTTP traffic detected: |