Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines

Oct. 9, 2024, 4:05 p.m.

Tags
ransomware
powershell
redline
lua script
compiler
redline stealer
2024-10-09
morphisec
lua malware
lua loader
c2 lua
windows servers
linux server
prometheus
crypter
External References
Description

Over the past year, the delivery of Lua malware appears to have undergone simplification, possibly to reduce exposure to detection mechanisms. The malware is frequently delivered using obfuscated Lua scripts instead of compiled Lua bytecode, as the latter can trigger suspicion more easily.

Date

Published: Oct. 9, 2024, 3:37 p.m.

Created: Oct. 9, 2024, 3:37 p.m.

Modified: Oct. 9, 2024, 4:05 p.m.

Indicators

e09370c9adc09c15eb8d05301bd3c74ef76e98b8a2fa2089df9c4ec5d7b4e047

b3ecbe4132598ef746e2111ba29f46af06886677d18595b6845849577121707a

afd731bb658525845c8ee4216b05ce0c9c8b2e8b745884fbefeb01ef331163a1

aecdaa94885c3fcd856c3516311bf366ac5ee13b43c28560eadc1f637efcf432

9aacf8f59b8daff24161549378c95174dac40b2fb01d7b8a78b513d3d35f6411

98418f7079cc11970899a18098425d22414663301dbbad1c892a8c702b90223f

8e59a9de633fc1e0a9da10268c606b898e7d5a6645ee21851465e027aefbaec9

3b515469aba46a0a08d8fcbd8feb98ce9bcebfa1a48d56be586dc9aa4584c0c2

308721f4dc7818aed5f0282a3efa5944c1d16e97b0cb3bb5786009a186ea9791

77.73.129.64

212.193.4.66

185.236.228.12

185.221.198.82

185.208.158.36

146.19.128.146

Download all indicators here!

Attack Patterns

Lua

T1113

T1573

T1102

T1027

T1059

Additional Informations

Gaming