VRad

#lumma_310124

Feb 2nd, 2024 (edited)
#IOC #OptiData #VR #Lumma #Stealer #AutoIt #7z #PWD #EXE

https://pastebin.com/0sqGs6aV

previous_contact:
30/01/24 https://pastebin.com/pgjwR07Z
27/01/24 https://pastebin.com/4B3hwvpx
25/01/24 https://pastebin.com/pwL5HdeX

FAQ:
https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

attack_vector
--------------
email attach .rar > .7z (PWD) > .exe > .pif (AutoIt) > h (Java Script) > C2


# # # # # # # #
email_headers
# # # # # # # #
Date: Wed, 31 Jan 2024 15:26:34 +0300
From: Цісик Царко <kaylee @ 2x4_com>
Subject: Для Бухгалтерії (Акт)
Reply-To: Тиханович Гордогост <webmaster @ barbershop - man_ru>
Received: from mail_brandincubatorlab_com ([52_137_103_248])
Received: from WIN - LCETV91VPS6 (plum - development2_aeza_one [79_137_205_213])
Message-ID: <73F848BA - F19C - 472A - A03C - 92CBC29E896D @ mail_brandincubatorlab_com>

# # # # # # # #
files
# # # # # # # #
SHA-256
File name
File size

SHA-256
File name
File size

SHA-256
File name
File size


# # # # # # # #
activity
# # # # # # # #

PL_SCR email_attach

C2


netwrk
--------------

comp
--------------

proc
--------------
Challenges + Egypt + Introducing + Widescreen + Band + Clip 20888\Training.pif
Hazardous + Extremely + Novels 20888\h

persist
--------------
n/a

drop
--------------

# # # # # # # #
additional info
# # # # # # # #
n/a

# # # # # # # #
VT & Intezer
# # # # # # # #
https://www.virustotal.com/gui/file/3feb0a8123f042428a88b4645f099ff8b4fca2e8f13c3b65b611f1dfb87fe3fc/details
https://www.virustotal.com/gui/file/dc18db364243fa2362cba6db1941a3aa2f73475810fffa31f21f69de32ae5160/details
https://www.virustotal.com/gui/file/6115d0dc0349f7cbab3fe4b4b769b389a60aab336519d4b42952bb0f0501428f/details
https://www.virustotal.com/gui/file/f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3/details
https://www.virustotal.com/gui/file/2a6a4bc5d24be31b8a3c2487f083cc5d846f48d6aa2cb1a8850b0bd136d5d517/details

VR