PULSE NAME
LummaStealer 2.0: Enhanced Evasion Techniques and Widespread Impact
WHITE PetrP.73 2025-04-23 Modified: 2025-05-23
59 IOCs
HIGH VOLUME
LummaStealer 2.0, a sophisticated Malware-as-a-Service (MaaS), has evolved with enhanced evasion techniques, targeting a wide range of Windows systems. The latest version leverages MSHTA process abuse to execute remote code, bypassing defense mechanisms and increasing the likelihood of successful attacks. LummaStealer collects sensitive data, including credentials, cookies, cryptocurrency wallets, and other personally identifiable information.
Indicators of Compromise (6 / 59 total)