Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/S...

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://github.com/Shopify/polaris/discussions/13580

  • Sample

    250508-tg6rlsgj4x

Score
10/10
lummadefense_evasiondiscoveryexecutionprivilege_escalationstealer

Malware Config

Extracted

Family

lumma

C2

https://parakehjet.run/kewk

https://geographys.run/eirq

https://woodpeckersd.run/glsk

https://tropiscbs.live/iuwxx

https://cbuzzarddf.live/ktnt

https://biosphxere.digital/tqoa

https://7bearjk.live/benj

Targets

    • Target

      https://github.com/Shopify/polaris/discussions/13580

    Score
    10/10
    lummadefense_evasiondiscoveryexecutionprivilege_escalationstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v16

Tasks

OSZAR »