2026-01-01: Lumma Stealer infection with follow-up malware

2026-01-01: Lumma Stealer infection with follow-up malware
好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读用户提供的文章内容，了解主要信息。文章标题是“2026-01-01 (星期四): LUMMA Stealer 感染及后续恶意软件”。看起来这篇文章是关于LUMMA Stealer的感染情况以及随之而来的恶意软件活动。文章中提到了一些相关的文件，比如带有密码保护的ZIP文件，还有具体的恶意软件样本信息，如SHA256哈希值、文件大小和类型。接下来，文章详细描述了LUMMA Stealer的安装程序如何在受感染的Windows主机上临时保存文件，包括AutoIt3.exe和其他脚本文件。此外，还提到了LUMMA Stealer与C2服务器之间的通信流量，以及后续恶意软件的网络活动，涉及多个域名和HTTPS流量。用户的要求是用中文总结内容，控制在100字以内，并且不需要特定的开头。因此，我需要提取关键点：LUMMA Stealer感染、后续恶意软件、相关文件、C2通信和网络活动。现在将这些要点浓缩成简洁的语言：描述LUMMA Stealer感染事件及其后续恶意软件活动，包括相关文件、C2通信和网络行为。最后检查字数是否符合要求，并确保语言流畅自然。 </think> 文章描述了LUMMA Stealer感染事件及其后续恶意软件活动，包括相关文件、C2通信和网络行为。 2026-1-1 21:31:0 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:0 收藏

2026-01-01 (THURSDAY): LUMMA STEALER INFECTION WITH FOLLOW-UP MALWARE

NOTICE:

Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.

ASSOCIATED FILES:

2026-01-01-IOCs-for-Lumma-Stealer-and-follow-up-malware.txt.zip 1.1 kB (1,054 bytes)
2026-01-01-Lumma-Stealer-infection-with-follow-up-malware.pcap.zip 4.5 MB (4,501,606 bytes)
2026-01-01-files-from-the-infection.zip 19.4 MB (19,373,875 bytes)

2026-01-01 (THURSDAY): LUMMA STEALER INFECTION WITH FOLLOW UP MALWARE

EXAMPLE OF LUMMA STEALER EXE:

- SHA256 hash: 07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4
- File size: 31,720,900 bytes
- File type: PE32 executable (GUI) Intel 80386, for MS Windows
- File name: application .exe
- File desecription: Installer EXE for Lumma Stealer
- Note: Original file was 900 MB with null byte padding; this has most of the padding removed.

FILES TEMPORARILY SAVED TO AN INFECTED WINDOWS HOST BY THE INSTALLER:

- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\645429\Treat.exe  <-- copy of AutoIt3.exe

- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Auction
- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Mono
- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Portraits
- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Uniform

- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Finish.accde  <-- script to build Lumma Stealer .a3x file
- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Lifetime.accde
- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Omega.accde
- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Refugees.accde
- C:\Users\[username]\AppData\Local\Temp\IXP000.TMP\Tries.accde

AUTOIT3 SCRIPT (.A3X) FOR LUMMA STEALER CREATED BY THE INSTALLER:

- SHA256 hash: 477bb335e2512e4a6b24b9b4ba6811e3d318bfa77d7665fec93e8d13a7bd820b
- File size: 762,960 bytes
- File type: data

LUMMA STEALER C2 TRAFFIC:

- offenms[.]cyou - HTTP and HTTPS traffic

TRAFFIC FOR FOLLOW-UP MALWARE:

- hxxps[:]//pastebin[.]com/raw/pr8gCLAA
- memory-scanner[.]cc - HTTPS traffic
- communicationfirewall-security[.]cc - HTTPS traffic

IMAGES

Shown above: Traffic from an infection filtered in Wireshark.

Click here to return to the main page.

文章来源: https://www.malware-traffic-analysis.net/2026/01/01/index.html
如有侵权请联系:admin#unsafe.sh