Lummac2 Stealer

Malware profile updated 2024-11-29T14:53:36.707Z
LummaC2 Stealer is an information-stealing malware that has drawn significant attention for its ability to steal sensitive data, including cryptocurrency wallets and user credentials. It also targets two-factor authentication (2FA) browser extensions, which makes it particularly dangerous because it can undermine a second authentication factor along with the password. Over the past year it has appeared in threat reporting alongside other newly observed malware families such as SVCReady, CargoBay, Matanbuchus, Pikabot, Aresloader, Vidar, Minodo, and others. The ESET Threat Report highlighted a 68% surge from H1 to H2 2023 in detections of malware designed to steal cryptocurrency from users' wallets (cryptostealers), with LummaC2 Stealer among the most prevalent.

Several files have been linked to infection chains involving the malware. Notably, the file "phoneoutsourcing.exe" is associated with the RisePro stealer, while the file "647887023.png" leads to infection with LummaC2 Stealer. In one instance, the loader FakeBat was observed dropping LummaC2 Stealer onto systems. Once installed, the malware operates covertly, typically without the user's knowledge. A decrypted payload identified as LummaC2 Stealer was found carrying the user ID 9zXsP2, a value that identifies the affiliate or build and is useful for clustering samples.

Recent updates to LummaC2 Stealer have further raised its threat level by adding a trigonometry-based anti-sandbox technique. The malware samples the mouse cursor position over time and computes the angles between successive movement vectors; it stays dormant until the observed movement looks like that of a human operator rather than the static or scripted cursor of an automated analysis environment, thereby evading sandbox-based detection. This approach demonstrates the evolving capabilities of malware authors and underscores the need for analysis environments that emulate realistic user interaction, not just for robust endpoint defenses.
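To make the "human mouse movement" gate concrete, the following added example (written for this page; it is not the malware's own code, nor code from any vendor report) reconstructs the kind of check described in public analysis of the technique. The specific parameters are assumptions for illustration: five cursor samples, taken 300 ms apart, every consecutive pair of samples must differ, and every angle between consecutive movement vectors must be below 45 degrees. The constructed traces at the bottom show why a sandbox that leaves the cursor still, or teleports it between random points, fails the gate, while smooth curved movement passes. A sandbox engineer can feed their own recorded cursor traces into `looks_human` to see whether their emulation would survive such a check.

```python
"""Reconstruction of a cursor-movement "human presence" heuristic.

Added illustrative example, not LummaC2's code.  Sampling parameters
(5 samples, 300 ms apart, all-different positions, every turn < 45 deg)
are assumptions for this example, modelled on public analysis of the
technique.  Runs offline on constructed traces; optional live capture
on Windows via ctypes is included but not required.
"""
import math
import time
from typing import List, Tuple

Point = Tuple[int, int]

SAMPLE_COUNT = 5           # assumption: number of cursor samples
SAMPLE_INTERVAL_S = 0.300  # assumption: delay between samples
MAX_ANGLE_DEG = 45.0       # assumption: max turn between movement vectors


def angle_between(v1: Tuple[int, int], v2: Tuple[int, int]) -> float:
    """Angle in degrees (0..180) between two 2-D vectors.

    Returns 0.0 if either vector has zero length, so a non-moving cursor
    is handled by the caller's "positions must differ" stage instead.
    """
    dot = v1[0] * v2[0] + v1[1] * v2[1]
    n1 = math.hypot(v1[0], v1[1])
    n2 = math.hypot(v2[0], v2[1])
    if n1 == 0.0 or n2 == 0.0:
        return 0.0
    cos_theta = max(-1.0, min(1.0, dot / (n1 * n2)))  # clamp for fp error
    return math.degrees(math.acos(cos_theta))


def looks_human(samples: List[Point], max_angle_deg: float = MAX_ANGLE_DEG) -> bool:
    """Apply the two-stage gate to a trace of cursor positions.

    Stage 1: the cursor must have moved between every pair of consecutive
             samples (a sandbox that never touches the mouse fails here).
    Stage 2: the angle between each pair of consecutive movement vectors
             must be below the threshold (random teleporting fails here).
    """
    if len(samples) != SAMPLE_COUNT:
        raise ValueError(f"expected {SAMPLE_COUNT} samples, got {len(samples)}")
    for a, b in zip(samples, samples[1:]):
        if a == b:
            return False
    vectors = [(b[0] - a[0], b[1] - a[1]) for a, b in zip(samples, samples[1:])]
    return all(angle_between(u, v) < max_angle_deg
               for u, v in zip(vectors, vectors[1:]))


def capture_cursor_trace_windows() -> List[Point]:
    """Sample the live cursor on Windows (uses user32!GetCursorPos).

    Not exercised in the offline demo; provided so the gate can be run
    against a real desktop or a sandbox's emulated cursor.
    """
    import ctypes
    from ctypes import wintypes

    pt = wintypes.POINT()
    trace: List[Point] = []
    for _ in range(SAMPLE_COUNT):
        ctypes.windll.user32.GetCursorPos(ctypes.byref(pt))
        trace.append((pt.x, pt.y))
        time.sleep(SAMPLE_INTERVAL_S)
    return trace


# Constructed traces (not captured data) covering the cases of interest.
HUMAN_CURVE = [(100, 100), (112, 104), (125, 109), (139, 115), (154, 122)]
SANDBOX_STILL = [(500, 400)] * SAMPLE_COUNT
SANDBOX_TELEPORT = [(0, 0), (300, 0), (300, 300), (0, 300), (0, 0)]
SANDBOX_LINEAR = [(0, 0), (100, 0), (200, 0), (300, 0), (400, 0)]


def run_demo() -> dict:
    """Evaluate every constructed trace; returns {name: verdict}."""
    return {
        "human_curve": looks_human(HUMAN_CURVE),
        "sandbox_still": looks_human(SANDBOX_STILL),
        "sandbox_teleport": looks_human(SANDBOX_TELEPORT),
        "sandbox_linear": looks_human(SANDBOX_LINEAR),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:18s} -> {'proceed' if verdict else 'stay dormant'}")
```

Note the `sandbox_linear` case: a trace that moves the cursor in a perfectly straight line at a steady rate produces zero-degree turns and passes the gate, so an emulator only needs plausible, gently curving movement, not randomness, to defeat a check of this shape. Conversely, a detection engineer can look for a process that calls `GetCursorPos` repeatedly with short sleeps before doing anything else as a behavioural signal.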
Description last updated: 2024-11-11T14:47:37.820Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias: Lummac2 (3 votes)
Lummac2 is a possible alias for Lummac2 Stealer. LummaC2 is a malware family first identified on Russian-speaking forums in 2022. Written in C and distributed as Malware-as-a-Service (MaaS), it has been actively developed since, with researchers noting that LummaC2 4.0 operates as a dynamic malware strain.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Source Document References
Information about the Lummac2 Stealer malware was read from the documents corpus below.