Malware Distributed Using Falcon Sensor Update Phishing Lure
TLP:WHITE | AlienVault | 2024-07-29 | Modified: 2024-07-29
CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity stealer 'Lumma Stealer', packed with the 'CypherIt' packer. This campaign is likely linked to a previous 'Lumma Stealer' distribution effort that relied on advanced social engineering techniques. The malware evades analysis by terminating when security products are detected and employs multiple layers of obfuscation. It ultimately connects to command-and-control servers to exfiltrate stolen data.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES:
MALWARE FAMILIES: Lumma Stealer
Indicators of Compromise (36)
TYPE | INDICATOR | CREATED
FileHash-MD5 6ee7ddebff0a2b78c7ac30f6e00d1d11 2024-07-29
FileHash-MD5 8a9baf0bf2ffabd39007a630a430a29b 2024-07-29
FileHash-SHA1 c98eee5919b9ebe871a116027d40f42f9bf267f8 2024-07-29
FileHash-SHA1 f2f57024c7cc3f9ff5f999ee20c4f5c38bfc20a2 2024-07-29
FileHash-SHA256 1e06ef09d9e487fd54dbb70784898bff5c3ee25d87f468c9c5d0dfb8948fb45c 2024-07-29
FileHash-SHA256 280900902df7bb855b27614884b369e5e0da25ff22efacc59443a4f593ccd145 2024-07-29
FileHash-SHA256 2856b7d3948dfb5231056e52437257757839880732849c2e2a35de3103c64768 2024-07-29
FileHash-SHA256 3ed535bbcd9d4980ec8bc60cd64804e9c9617b7d88723d3b05e6ad35821c3fe7 2024-07-29
FileHash-SHA256 50f9c384443a40d15a6e74960f1ba75dcf741eabdb5713bd2eba453a6aad81e5 2024-07-29
FileHash-SHA256 56f2aedb86d26da157b178203cec09faff26e659f6f2be916597c9dd4825d69f 2024-07-29
FileHash-SHA256 6217436a326d1abcd78a838d60ab5de1fee8a62cda9f0d49116f9c36dc29d6fa 2024-07-29
FileHash-SHA256 66ad1c04ebb970f2494f2f30b45d6a83c2f3a2bb663565899f57bb5422851518 2024-07-29
FileHash-SHA256 6ec39c6eee15805ef3098af7ae172517a279b042fc6c323ebf1aef8f8f2b21be 2024-07-29
FileHash-SHA256 865347471135bb5459ad0e647e75a14ad91424b6f13a5c05d9ecd9183a8a1cf4 2024-07-29
FileHash-SHA256 922b1f00115dfac831078bb5e5571640e95dbd0d6d4022186e5aa4165082c6b2 2024-07-29
FileHash-SHA256 a992cee863a4668698af92b4f9bd427d7a827996bf09824b89beff21578b49bd 2024-07-29
FileHash-SHA256 aca54f9f5398342566e02470854aff48c53659be0c0cb83d3ce1fd05430375f8 2024-07-29
FileHash-SHA256 b5c0610bc01cfc3dafc9c976cb00fe7240430f0d03ec5e112a0b3f153f93b49a 2024-07-29
FileHash-SHA256 bb7a19963b422ed31b0b942eeaad7388421bc270a8513337f8ec043a84a4f11c 2024-07-29
FileHash-SHA256 c1e27b2e7db4fba9f011317ff86b0d638fe720b945e933b286bb3cf6cdb60b6f 2024-07-29
FileHash-SHA256 c3e50ca693f88678d1a6e05c870f605d18ad2ce5cfec6064b7b2fe81716d40b0 2024-07-29
FileHash-SHA256 d669078a7cdcf71fb3f2c077d43f7f9c9fdbdb9af6f4d454d23a718c6286302a 2024-07-29
FileHash-SHA256 e6b00ee585b008f110829df68c01a62d3bfac1ffe7d65298c8a4e4109b8a7319 2024-07-29
FileHash-SHA256 e9cd2429628e3955dd1f7c714fbaa3e3b85bfaac0bc31582cf9c5232cb8fc352 2024-07-29
domain callosallsaospz.shop 2024-07-29
domain crowdstrike-office365.com 2024-07-29
domain iiaiyitre.pa 2024-07-29
domain indexterityszcoxp.shop 2024-07-29
domain lariatedzugspd.shop 2024-07-29
domain liernessfornicsa.shop 2024-07-29
domain outpointsozp.shop 2024-07-29
domain shepherdlyopzc.shop 2024-07-29
domain unseaffarignsk.shop 2024-07-29
domain upknittsoappz.shop 2024-07-29
domain warrantelespsz.shop 2024-07-29
hostname go.microsoft.crowdstrike-office365.com 2024-07-29