LummaStealer 2.0: Enhanced Evasion Techniques and Widespread Impact
WHITE PetrP.73 2025-04-23 Modified: 2025-05-23
59 IOCs (HIGH VOLUME)
LummaStealer 2.0, a sophisticated Malware-as-a-Service (MaaS), has evolved with enhanced evasion techniques, targeting a wide range of Windows systems. The latest version leverages MSHTA process abuse to execute remote code, bypassing defense mechanisms and increasing the likelihood of successful attacks. LummaStealer collects sensitive data, including credentials, cookies, cryptocurrency wallets, and other personally identifiable information.
Indicators of Compromise (16 / 59 total)