June 8, 2023
Severity
High
Analysis Summary
Lumma is an information stealer sold as Malware-as-a-Service (MaaS) by a seller known as LummaC on Russian-speaking underground forums and Telegram channels. Its primary purpose is to harvest sensitive data from infected systems. It is written in C, which gives it efficient, low-level access to system resources. Lumma places particular emphasis on cryptocurrency wallets: it is built to locate and extract wallet material such as private keys and wallet.dat files. Beyond wallets, it also carries a file-grabber capability that lets the operator collect arbitrary files from the victim's machine.
To protect against Lumma Stealer and similar threats, it is essential to follow security best practices. This includes regularly updating software and operating systems, using strong and unique passwords, implementing multi-factor authentication, exercising caution when opening email attachments or clicking on suspicious links, and using reputable antivirus/anti-malware solutions. Security awareness training can also help users recognize and avoid phishing attempts.
Impact
- Data Exfiltration
- Credential Theft
- Information Theft
- Financial Loss
Indicators of Compromise
MD5
- b1b868b94a81a67afbc9b6a84459c718
- aaa0677a747bc0f6d6e2192209a52ebd
- 68e8f4fad5d439bdf80e51fe1388a17a
- b4c088690e9339eac442189b8bfd915c
SHA-256
- e745e151ab38be7cea50e6d2f4143eaea729876180e8f773ef0c157063d26455
- 9656559ba6495dad4638722343efd32e08235bbf3989954d5bc40a57445a28e4
- 45f0395fd534b795e2cbcf9708455f838cabb7e3535aa517c32cd5ea64c9f75f
- 99cc32805cca71b6d308ad3d4c228bd0a1d8968efbeb05cf8243ec4b767b3ff7
SHA-1
- 112582ec3b1b697804e3e9d8079dd298ef145e78
- 5e5d96ad64d417194eef4f755f11ad288abde2cd
- cc9420c58c27766cedd1634e6d02a58c43a9400b
- 9babdb74a746b612e2c6ba1c3c8a3208f2880777
Remediation
- Block all threat indicators at your respective controls.
- Search for the indicators of compromise (IOCs) listed above in your environment, utilizing your respective security controls.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
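The first two remediation items (block the indicators, then search for them) are easy to state but tedious to do by hand across a file share or an endpoint image. The script below is an added example written for this advisory, not tooling from Rewterz: it embeds the MD5, SHA-1 and SHA-256 values from the IOC section, hashes every file under a directory in a single read, and reports which files match and on which hash family. Directory paths and the use of a local sweep (rather than an EDR query) are assumptions for the example; in practice the same hash set would be fed to whatever controls you run.

```python
"""Hash-based IOC sweep using the Lumma Stealer indicators from this advisory.

Added example for the advisory, not Rewterz tooling. Walks a directory tree,
computes MD5/SHA-1/SHA-256 for each file in one pass and flags matches.
"""
import hashlib
import os
import sys

# Indicators copied from the advisory's IOC section (hex, any case accepted).
LUMMA_IOCS = {
    "md5": {
        "b1b868b94a81a67afbc9b6a84459c718",
        "aaa0677a747bc0f6d6e2192209a52ebd",
        "68e8f4fad5d439bdf80e51fe1388a17a",
        "b4c088690e9339eac442189b8bfd915c",
    },
    "sha1": {
        "112582ec3b1b697804e3e9d8079dd298ef145e78",
        "5e5d96ad64d417194eef4f755f11ad288abde2cd",
        "cc9420c58c27766cedd1634e6d02a58c43a9400b",
        "9babdb74a746b612e2c6ba1c3c8a3208f2880777",
    },
    "sha256": {
        "e745e151ab38be7cea50e6d2f4143eaea729876180e8f773ef0c157063d26455",
        "9656559ba6495dad4638722343efd32e08235bbf3989954d5bc40a57445a28e4",
        "45f0395fd534b795e2cbcf9708455f838cabb7e3535aa517c32cd5ea64c9f75f",
        "99cc32805cca71b6d308ad3d4c228bd0a1d8968efbeb05cf8243ec4b767b3ff7",
    },
}

ALGOS = ("md5", "sha1", "sha256")
CHUNK_SIZE = 1024 * 1024  # read files in 1 MiB chunks so large files do not load into RAM


def normalize_iocs(iocs):
    """Lower-case and strip every hash so comparisons are case-insensitive."""
    return {algo: {h.strip().lower() for h in iocs.get(algo, ())} for algo in ALGOS}


def hash_file(path):
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} computed in a single read of the file."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def match_iocs(hashes, iocs):
    """Return [(algo, hash), ...] for each hash family that hits the (normalized) IOC set."""
    return [(algo, hashes[algo]) for algo in ALGOS if hashes[algo] in iocs.get(algo, ())]


def sweep(root, iocs=LUMMA_IOCS):
    """Walk `root`; return (hits, errors).

    hits:   {file_path: [(algo, hash), ...]} for files matching at least one IOC
    errors: [(file_path, reason)] for files that could not be read (kept, not silently dropped,
            because an unreadable file during an IR sweep is itself worth a look)
    """
    wanted = normalize_iocs(iocs)
    hits, errors = {}, []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # do not follow symlinks out of the tree being swept
                continue
            try:
                hashes = hash_file(path)
            except OSError as exc:
                errors.append((path, str(exc)))
                continue
            matched = match_iocs(hashes, wanted)
            if matched:
                hits[path] = matched
    return hits, errors


if __name__ == "__main__":
    # Usage: python lumma_sweep.py <directory>   (directory is an assumption of the example)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found, failed = sweep(target)
    for path, matches in found.items():
        for algo, value in matches:
            print(f"HIT  {path}  {algo}={value}")
    for path, reason in failed:
        print(f"SKIP {path}  ({reason})", file=sys.stderr)
    print(f"{len(found)} matching file(s), {len(failed)} unreadable", file=sys.stderr)
```

Hash matching only catches the exact samples listed; a repacked build of the same stealer will not hit. Treat a clean sweep as "these four builds are absent", not as "no Lumma", and pair it with the behavioural controls (wallet-file access, credential-store reads) your endpoint product exposes.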