Pulse Detail — Threat Intelligence

PULSE NAME

Your Data Is Under New Management: The Rise of LummaStealer

WHITE AlienVault 2024-12-18 Modified: 2025-01-17

IOCs

MEDIUM VOLUME

LummaStealer, a relatively new information-stealing malware, has gained prominence since 2022 for its ability to collect sensitive data from Windows systems. Marketed as Malware-as-a-Service (MaaS) on underground forums, it targets individuals, cryptocurrency users, and small to medium-sized businesses. The malware employs various infection vectors, including phishing emails, cracked software, and malicious downloads. It harvests credentials, cookies, cryptocurrency wallets, and system information, exfiltrating data to remote servers. Recent campaigns have shown increased sophistication in social engineering tactics and the use of legitimate platforms like Steam and Dropbox to evade detection. The malware's accessibility through MaaS has made it popular among diverse threat actors, complicating attribution efforts.

phishing social engineering Malware-as-a-Service (MaaS)Python LummaStealer

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1204.002 T1566.002 T1119 T1608.001 T1583.001 T1588.001 T1041 T1059.001 T1547.001 T1059.006 T1132 T1189 T1059.005 T1574.002 T1204.001 T1566.003

MALWARE FAMILIES

LummaStealer

Indicators of Compromise (36)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	3e35a7a3203cc7726ce4e9f7f30806ef	—	2024-12-18
FileHash-MD5	3f58a517f1f4796225137e7659ad2adb	—	2024-12-18
FileHash-MD5	477264c48dbbc071190a6c7fc22cbb9c	—	2024-12-18
FileHash-MD5	4b7f5578a6189b71b5f2d81f30a948f4	—	2024-12-18
FileHash-MD5	870feaab725b148208dd12ffabe33f9d	—	2024-12-18
FileHash-MD5	cbf6c2a14cba45f95569c9d011219518	—	2024-12-18
FileHash-MD5	e74b1e485e42e8ba7a65ab6927e872a5	—	2024-12-18
FileHash-SHA1	128a085b84667420359bfd5b7bad0a431ca89e35	—	2024-12-18
FileHash-SHA1	594d61532fb2aea88f2e3245473b600d351ee398	—	2024-12-18
FileHash-SHA1	99b8464e2aabff3f35899ead95dfac83f5edac51	—	2024-12-18
FileHash-SHA1	9f3651ad5725848c880c24f8e749205a7e1e78c1	—	2024-12-18
FileHash-SHA1	a01fa9facf3a13c5a9c079d79974842abff2a3f2	—	2024-12-18
FileHash-SHA1	afdefcd9eb251202665388635c0109b5f7b4c0a5	—	2024-12-18
FileHash-SHA1	bfc1422d1c5351561087bd3e6d82ffbad5221dae	—	2024-12-18
FileHash-SHA1	c07e49c362f0c21513507726994a9bd040c0d4eb	—	2024-12-18
FileHash-SHA1	e264ba0e9987b0ad0812e5dd4dd3075531cfe269	—	2024-12-18
FileHash-SHA1	f2c37ad5ca8877186c846b6dfb2cb761f5353305	—	2024-12-18
FileHash-SHA1	f89f91e33bf59d0a07dfb1c4d7246d74a05dd67d	—	2024-12-18
FileHash-SHA256	1c2ec4c72c2f31a327b6ba4dfe27a607d311578e25d96cf34c54845eea986f36	—	2024-12-18
FileHash-SHA256	1da298cab4d537b0b7b5dabf09bff6a212b9e45731e0cc772f99026005fb9e48	—	2024-12-18
FileHash-SHA256	2468e5bb596fa4543dba2adfe8fd795073486193b77108319e073b9924709a8a	—	2024-12-18
FileHash-SHA256	3aa011528c4d261a82a0698a5be19d47c4114e2443b93617978fe7f34957930f	—	2024-12-18
FileHash-SHA256	bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55	—	2024-12-18
FileHash-SHA256	c28c1d76b1937373be1b5d5455e2accf3698c41cb3815d01209b232e82b6dae0	—	2024-12-18
domain	carrtychaintnyw.shop	—	2024-12-18
domain	clicktogo.click	—	2024-12-18
domain	complainnykso.shop	—	2024-12-18
domain	conservaitiwo.shop	—	2024-12-18
domain	crowdstrike-office365.com	—	2024-12-18
domain	matteryshzh.cfd	—	2024-12-18
domain	naggersanimism.shop	—	2024-12-18
domain	pardaoboccia.shop	—	2024-12-18
domain	proffoduwnuq.shop	—	2024-12-18
domain	quotamkdsdqo.shop	—	2024-12-18
domain	steppyplantnw.shop	—	2024-12-18
hostname	a3.bigdownloadtech.shop	—	2024-12-18

References (1)

↗ https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer