Lummac2 Stealer

Malware updated 13 days ago (2024-11-11T15:01:52.149Z)

Download STIX

Preview STIX

LummaC2 Stealer is a type of malware that has gained significant attention due to its capacity to steal sensitive information, including digital wallets and user credentials. It can even target two-factor authentication (2FA) browser extensions, making it particularly threatening. Over the past year, this malicious software has been found in new malware such as SVCReady, CargoBay, Matanbuchus, Pikabot, Aresloader, Vidar, Minodo, and others. The ESET Threat Report highlighted a 68% surge in detections of malware designed to steal cryptocurrency from users' wallets, known as cryptostealers, from H1 to H2 2023, with LummaC2 Stealer being one of the most prevalent. The malware has been linked to certain files that lead to infection. Notably, the "phoneoutsourcing.exe" file is associated with the RisePro stealer, while the "647887023.png" file leads to infection with LummaC2 Stealer. In one instance, a program called FakeBat was found to drop LummaC2 Stealer into systems. Once installed, the malware operates covertly, often without the user's knowledge. A decrypted payload identified as LummaC2 Stealer was discovered with the user ID: 9zXsP2. Recent updates to LummaC2 Stealer have further increased its threat level by incorporating a novel trigonometry-based anti-sandbox technique. This technique enables the malware to lay dormant until it detects "human" behavior in the infected machine, thereby evading automated detection methods. This sophisticated approach demonstrates the evolving capabilities of malware creators and underscores the need for robust cybersecurity measures to protect against these threats.

Description last updated: 2024-11-11T14:47:37.820Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Lummac2 is a possible alias for Lummac2 Stealer. LummaC2 is a malicious software (malware) that was initially identified in Russian-speaking forums in 2022. The malware, written in C and distributed as Malware-as-a-Service (MaaS), has been actively developed over time, with researchers noting that LummaC2 4.0 operates as a dynamic malware strain.	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Lummac2 Stealer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Malwarebytes	13 days ago	Hello again, FakeBat: popular loader returns after months-long hiatus \| Malwarebytes
CERT-EU	a year ago	Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted
ESET	7 months ago	Bitcoin scams, hacks and heists – and how to avoid them
CERT-EU	a year ago	ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
SecurityIntelligence.com	a year ago	The Trickbot/Conti Crypters: Where Are They Now?