Field | Value
---|---
Score | 88
Range | 0 - 100
Whitelisted | false
Confidence | 100%
Name | Description | Attribution | Blogpost URLs | Link
---|---|---|---|---
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | |

AV Detection

Signature | Detail
---|---
Avira URL Cloud |
Malware Configuration Extractor |
Virustotal |
ReversingLabs |
Joe Sandbox ML |
String decryptor | 15 entries
Static PE information | 2 entries
Code function | 0_2_00EEF898, 0_2_00EF1B90, 0_2_00EEF30B, 0_2_00EEF485, 0_2_00EF1F90, 0_2_00EB8740, 0_2_00EB58F0, 0_2_00EB58F0, 0_2_00EF20F0, 0_2_00ECE8A3, 0_2_00EDD0B9, 0_2_00EB9090, 0_2_00ECE890, 0_2_00ECA840, 0_2_00ED69E0, 0_2_00EDA9C0, 0_2_00EDA9C0, 0_2_00EF19C0, 0_2_00ECA1DF, 0_2_00ED99D9, 0_2_00ED99D9, 0_2_00EBE9D5, 0_2_00EDE9BA, 0_2_00EDE9BA, 0_2_00ED5932, 0_2_00ED5932, 0_2_00EE6AF0, 0_2_00EC5AD0, 0_2_00EBCA8D, 0_2_00EBCA8D, 0_2_00EDCA97, 0_2_00ED7A60, 0_2_00EBAA30, 0_2_00ECB200, 0_2_00ECB200, 0_2_00ED3BEF, 0_2_00ED3BEF, 0_2_00EC93B4, 0_2_00ED9390, 0_2_00ED5360, 0_2_00ED5360, 0_2_00EB2B50, 0_2_00EC4B2A, 0_2_00EDB4F0, 0_2_00ED4CF0, 0_2_00ED4CF0, 0_2_00EC6CAE, 0_2_00EDBCA0, 0_2_00EEA4A0, 0_2_00EEA4A0, 0_2_00EEA4A0, 0_2_00EC6C82, 0_2_00EC6C82, 0_2_00ECE490, 0_2_00ED9C61, 0_2_00EB7470, 0_2_00EB7470, 0_2_00EEF449, 0_2_00ED6C2C, 0_2_00EDEC2A, 0_2_00EDEC2A, 0_2_00EBDC38, 0_2_00EBDC38, 0_2_00ECAC08, 0_2_00EDAC13, 0_2_00EDE5A4, 0_2_00EDE5A4, 0_2_00ED3580, 0_2_00ED3580, 0_2_00EEAD43, 0_2_00ED9512, 0_2_00ED9512, 0_2_00ED9512, 0_2_00EDCECC, 0_2_00EDCECC, 0_2_00EDCE85, 0_2_00EDCE85, 0_2_00EB2E90, 0_2_00EECE40, 0_2_00EECE40, 0_2_00EF1650, 0_2_00EF1650, 0_2_00EF1650, 0_2_00ED762C, 0_2_00EDE60C, 0_2_00EDE60C, 0_2_00EDB7F0, 0_2_00ECF740, 0_2_00EB9750, 0_2_00ED7750
Networking

Signature | Detail
---|---
URLs | 9 entries
Code function | 0_2_00EE4450, 0_2_00EE4450, 0_2_00EE4C21, 0_2_00EE76A6, 0_2_00EB8740, 0_2_00EB38F0, 0_2_00EB58F0, 0_2_00EE90B0, 0_2_00EE109C, 0_2_00ED2870, 0_2_00ED7007, 0_2_00EE4010, 0_2_00ECD1E9, 0_2_00ED99E7, 0_2_00ED69E0, 0_2_00EDA9C0, 0_2_00ED99D9, 0_2_00EBE9D5, 0_2_00EC81AE, 0_2_00EDE9BA, 0_2_00ECC980, 0_2_00ECF190, 0_2_00EBF140, 0_2_00EE9950, 0_2_00EC5AD0, 0_2_00EB42A0, 0_2_00EBCA8D, 0_2_00ED7A80, 0_2_00ED7A60, 0_2_00EDA27F, 0_2_00EC1A74, 0_2_00EEA240, 0_2_00EE8251, 0_2_00EBAA30, 0_2_00EB6200, 0_2_00ECB200, 0_2_00ED3BEF, 0_2_00EDDBD5, 0_2_00EB4BD0, 0_2_00EC93B4, 0_2_00EF0380, 0_2_00ED5360, 0_2_00EB9320, 0_2_00ED0B20, 0_2_00EBF33E, 0_2_00EF1300, 0_2_00ED4CF0, 0_2_00EC6CAE, 0_2_00EEA4A0, 0_2_00ED84A2, 0_2_00ECECB0, 0_2_00EB7470, 0_2_00EF0470, 0_2_00EC2450, 0_2_00EBDC38, 0_2_00EF05F0, 0_2_00ECDDC0, 0_2_00EED5C0, 0_2_00EDE5A4, 0_2_00EE0D88, 0_2_00ED3580, 0_2_00ED8D60, 0_2_00EF0560, 0_2_00EE2570, 0_2_00EEAD43, 0_2_00EF0D40, 0_2_00ECF550, 0_2_00ED9512, 0_2_00EE96F0, 0_2_00EDDEC3, 0_2_00EC0EDD, 0_2_00EDDED9, 0_2_00EC7EA6, 0_2_00EF0680, 0_2_00EB2E90, 0_2_00EB6690, 0_2_00ED9E75, 0_2_00EE8E50, 0_2_00EF1650, 0_2_00EEFE2D, 0_2_00EDE60C, 0_2_00EF0FD0, 0_2_00EBFF93, 0_2_00ECF740, 0_2_00EB9750, 0_2_00EBAF00, 0_2_00EE8703, 0_2_00EDEF10
Static PE information |
Classification label |
Code function | 0_2_00EE2890
Static PE information |
Key opened |
Virustotal |
ReversingLabs |
File read |
Section loaded |
Static PE information |
Code function | 0_2_00EED20F, 0_2_00EF0341
Thread injection, dropped files, key value created, disk infection and DNS query |
API call chain |
Code function | 0_2_00EEEB40
Thread injection, dropped files, key value created, disk infection and DNS query |
HIPS / PFW / Operating System Protection Evasion

Signature | Detail
---|---
String found in binary or memory | 9 entries

Stealing of Sensitive Information

Signature | Detail
---|---
File source |

Remote Access Functionality

Signature | Detail
---|---
File source |
Name | Malicious | Antivirus Detection | Reputation
---|---|---|---
 | false | | high
 | false | | high
 | false | | high
 | false | | high
 | true | | unknown
 | false | | high
 | false | | high
 | false | | high
 | false | | high