Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Oct. 21, 2024, 4:24 p.m.

Description

Lumma Stealer, a sophisticated information-stealing malware, has evolved its tactics to use fake CAPTCHA verification pages for payload delivery. The malware abuses legitimate software and relies on multi-stage fileless techniques to evade detection. Its infection chain involves PowerShell scripts, process hollowing, and the abuse of built-in Windows tools such as mshta.exe. Lumma Stealer targets sensitive data, including passwords, browser data, and cryptocurrency wallet details. The campaign analysis traces the malware's deceptive methods from initial infection through to data exfiltration. The threat actors use Content Delivery Networks for payload delivery and command-and-control servers for data exfiltration.

Date

Published: Oct. 21, 2024, 3:16 p.m.

Created: Oct. 21, 2024, 3:16 p.m.

Modified: Oct. 21, 2024, 4:24 p.m.

Indicators

Attack Patterns

Lumma Stealer

T1217

T1218.005

T1055.012

T1059.003

T1059.001

T1057

T1083

T1204

T1041

T1566