Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation

    Date: 11/25/2024

    Severity: High

    Summary

    Malware operators keep changing their distribution tactics and abusing popular platforms to reach victims. Lumma Stealer, an information-stealing malware family, is a current example: it is being spread through Telegram channels. Because Telegram is widely used and its traffic looks ordinary, attackers have turned it into an effective distribution channel that sidesteps traditional detection and reaches a broad, unsuspecting audience.

    Indicators of Compromise (IOC) List

    Domains/URLs:

    https://t.me/hitbase

    https://t.me/sharmamod

    marshal-zhukov.com

    Hashes (SHA-256):

    000756bedf4e95de6781a4193301123032e987aba33dcd55c5e2a9de20a77418
    
    06715881cd4694a0de28f8d2e3a8cc17939e83a4ca4dee2ebb3078fc25664180
    
    072aa67c14d047621e0065e8529fadd0aac1c1324e10e5d027c10073fffcd023
    
    1724f486563c5715ce1fe989e8f4ca01890970816c5ffc2e5d0221e38cf9fdb9
    
    174690d86d36c648a2d5a595bc8cfae70c157f00c750c36fd1a29f52011af5e2
    
    18aca8b28750c9673f1c467f5eab1bbae4ad6c79f3fe598318c203c8e664d44f
    
    24a32d763e458e5440cb18f87685cc5626bf62cd9c3ca7bab10f0ced629708ee
    
    31a818c75d35bafc58c62c7522503f90be7b684803883e5f07c4cc16f517d1d0
    
    338ec6016db4eb95b15bc0822fc1d745f107ae0739a57b41ef10c9f64b6c8077
    
    3df7a19969e54bd60944372e925ad2fb69503df7159127335f792ad82db7da0b
    
    535650b613161c011086eab9d87189aa637f8575e52442db6e81602e67a2e4f4
    
    61a17a91ce2a98b455a50ff37b33368fe3b2f3a516cf94c5d7b18e386274557b
    
    840a255a184d3e819a07e3749b5e32da84f607ac7025366967d12dac0c5fa859
    
    9be6ea9ab019c7bd59fab7097ceb9cd465a6ae0c6b9a50d55432a0bfb5e1f184
    
    a541b66785534bca646a7691c7a2a5630947ecbd4ee2544b19a5f8347f70f923
    
    ac5c6793354b2be799ce755828d72f65a0c2ea63ccc942208c22e893a251b52c
    
    b53e0759fa11d6d31b837adf5c5ceda40dd01aa331aa42256282f9ca46531f25
    
    ce8e7b2a6222aa8678f0c73bd29a9e3a358f464310002684d7c46b2b9e8dcf23
    
    d31520c4a77f01f0491ef5ecf03c487975182de7264d7dce0fb7988e0cea7248
    
    d67cc175e2bb94e2006f2700c1b052123961f5f64a18a00c8787c4aa6071146f
    
    e71e23ad0e5e8b289f1959579fb185c34961a644d0e24a7466265bef07eab8ec
    
    fa34c20e1de65bfff3c0e60d25748927aa83d3ea9f4029e59aaedb4801220a54
    
    fb60510e8595b773abde86f6f1792890978cd6efc924c187cb664d49ef05a250
    
    fdc6ebf3968cd2dfcc8ad05202a847d7f8b2a70746800fd240e6c5136fcd34f6

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains/URLs:

    userdomainname like "https://t.me/hitbase" or url like "https://t.me/hitbase" or userdomainname like "https://t.me/sharmamod" or url like "https://t.me/sharmamod" or userdomainname like "marshal-zhukov.com" or url like "marshal-zhukov.com"

    Hashes (SHA-256):

    sha256hash IN ("fdc6ebf3968cd2dfcc8ad05202a847d7f8b2a70746800fd240e6c5136fcd34f6","06715881cd4694a0de28f8d2e3a8cc17939e83a4ca4dee2ebb3078fc25664180","338ec6016db4eb95b15bc0822fc1d745f107ae0739a57b41ef10c9f64b6c8077","d31520c4a77f01f0491ef5ecf03c487975182de7264d7dce0fb7988e0cea7248","072aa67c14d047621e0065e8529fadd0aac1c1324e10e5d027c10073fffcd023","24a32d763e458e5440cb18f87685cc5626bf62cd9c3ca7bab10f0ced629708ee","ce8e7b2a6222aa8678f0c73bd29a9e3a358f464310002684d7c46b2b9e8dcf23","1724f486563c5715ce1fe989e8f4ca01890970816c5ffc2e5d0221e38cf9fdb9","a541b66785534bca646a7691c7a2a5630947ecbd4ee2544b19a5f8347f70f923","61a17a91ce2a98b455a50ff37b33368fe3b2f3a516cf94c5d7b18e386274557b","000756bedf4e95de6781a4193301123032e987aba33dcd55c5e2a9de20a77418","174690d86d36c648a2d5a595bc8cfae70c157f00c750c36fd1a29f52011af5e2","18aca8b28750c9673f1c467f5eab1bbae4ad6c79f3fe598318c203c8e664d44f","31a818c75d35bafc58c62c7522503f90be7b684803883e5f07c4cc16f517d1d0","3df7a19969e54bd60944372e925ad2fb69503df7159127335f792ad82db7da0b","535650b613161c011086eab9d87189aa637f8575e52442db6e81602e67a2e4f4","840a255a184d3e819a07e3749b5e32da84f607ac7025366967d12dac0c5fa859","9be6ea9ab019c7bd59fab7097ceb9cd465a6ae0c6b9a50d55432a0bfb5e1f184","ac5c6793354b2be799ce755828d72f65a0c2ea63ccc942208c22e893a251b52c","b53e0759fa11d6d31b837adf5c5ceda40dd01aa331aa42256282f9ca46531f25","d67cc175e2bb94e2006f2700c1b052123961f5f64a18a00c8787c4aa6071146f","e71e23ad0e5e8b289f1959579fb185c34961a644d0e24a7466265bef07eab8ec","fa34c20e1de65bfff3c0e60d25748927aa83d3ea9f4029e59aaedb4801220a54","fb60510e8595b773abde86f6f1792890978cd6efc924c187cb664d49ef05a250")
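    As an added example, not part of Gurucul's query language or of the McAfee write-up, the same IOC set applied in Python to constructed proxy and endpoint log lines. The two t.me entries are channel URLs rather than hostnames, so a match on a host-only field would never fire, and a match on `t.me` alone would flag every Telegram visit; the script therefore compares host and path separately, treats subdomains of marshal-zhukov.com as hits, and compares hashes case-insensitively. The key=value log format, the field names `url` and `sha256`, and the sample events are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# IOCs copied from the advisory above. The t.me entries are channel URLs,
# not domains, so they are matched on host + path rather than on host alone.
IOC_CHANNEL_URLS = {"https://t.me/hitbase", "https://t.me/sharmamod"}
IOC_DOMAINS = {"marshal-zhukov.com"}
IOC_SHA256 = {
    "000756bedf4e95de6781a4193301123032e987aba33dcd55c5e2a9de20a77418",
    "06715881cd4694a0de28f8d2e3a8cc17939e83a4ca4dee2ebb3078fc25664180",
    "072aa67c14d047621e0065e8529fadd0aac1c1324e10e5d027c10073fffcd023",
    "1724f486563c5715ce1fe989e8f4ca01890970816c5ffc2e5d0221e38cf9fdb9",
    "174690d86d36c648a2d5a595bc8cfae70c157f00c750c36fd1a29f52011af5e2",
    "18aca8b28750c9673f1c467f5eab1bbae4ad6c79f3fe598318c203c8e664d44f",
    "24a32d763e458e5440cb18f87685cc5626bf62cd9c3ca7bab10f0ced629708ee",
    "31a818c75d35bafc58c62c7522503f90be7b684803883e5f07c4cc16f517d1d0",
    "338ec6016db4eb95b15bc0822fc1d745f107ae0739a57b41ef10c9f64b6c8077",
    "3df7a19969e54bd60944372e925ad2fb69503df7159127335f792ad82db7da0b",
    "535650b613161c011086eab9d87189aa637f8575e52442db6e81602e67a2e4f4",
    "61a17a91ce2a98b455a50ff37b33368fe3b2f3a516cf94c5d7b18e386274557b",
    "840a255a184d3e819a07e3749b5e32da84f607ac7025366967d12dac0c5fa859",
    "9be6ea9ab019c7bd59fab7097ceb9cd465a6ae0c6b9a50d55432a0bfb5e1f184",
    "a541b66785534bca646a7691c7a2a5630947ecbd4ee2544b19a5f8347f70f923",
    "ac5c6793354b2be799ce755828d72f65a0c2ea63ccc942208c22e893a251b52c",
    "b53e0759fa11d6d31b837adf5c5ceda40dd01aa331aa42256282f9ca46531f25",
    "ce8e7b2a6222aa8678f0c73bd29a9e3a358f464310002684d7c46b2b9e8dcf23",
    "d31520c4a77f01f0491ef5ecf03c487975182de7264d7dce0fb7988e0cea7248",
    "d67cc175e2bb94e2006f2700c1b052123961f5f64a18a00c8787c4aa6071146f",
    "e71e23ad0e5e8b289f1959579fb185c34961a644d0e24a7466265bef07eab8ec",
    "fa34c20e1de65bfff3c0e60d25748927aa83d3ea9f4029e59aaedb4801220a54",
    "fb60510e8595b773abde86f6f1792890978cd6efc924c187cb664d49ef05a250",
    "fdc6ebf3968cd2dfcc8ad05202a847d7f8b2a70746800fd240e6c5136fcd34f6",
}

def normalise_url(url):
    """Split a URL into (lowercase host, path without trailing slash).
    A bare hostname such as 'marshal-zhukov.com' is accepted as well."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # make urlsplit treat the text as a netloc
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path.rstrip("/")

IOC_CHANNELS = {normalise_url(u) for u in IOC_CHANNEL_URLS}

def match_url(url):
    """Return a reason string when the URL hits an IOC, otherwise None."""
    host, path = normalise_url(url)
    if not host:
        return None
    for d in IOC_DOMAINS:  # the domain itself or any subdomain of it
        if host == d or host.endswith("." + d):
            return "domain:" + d
    if (host, path) in IOC_CHANNELS:  # only the listed channels, not all of t.me
        return "telegram-channel:" + path.lstrip("/")
    return None

def match_hash(value):
    """True when value is one of the listed SHA-256 hashes (case-insensitive)."""
    return value.strip().lower() in IOC_SHA256

# Assumed log shape: space-separated key=value pairs, values optionally quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line):
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}

def scan(lines):
    """Return [(line_number, reason)] for every line that matches an IOC."""
    hits = []
    for n, line in enumerate(lines, 1):
        ev = parse_kv(line)
        reason = match_url(ev["url"]) if "url" in ev else None
        if reason is None and "sha256" in ev and match_hash(ev["sha256"]):
            reason = "sha256:" + ev["sha256"].lower()
        if reason:
            hits.append((n, reason))
    return hits

# Constructed sample events: a listed channel, an unrelated t.me channel,
# a subdomain of the C2 domain, a listed hash (uppercase) and a benign hash.
SAMPLE_LOGS = [
    'ts=2024-11-25T10:01:02Z src=10.0.0.5 url=https://t.me/hitbase action=allow',
    'ts=2024-11-25T10:01:09Z src=10.0.0.5 url=https://t.me/example_channel action=allow',
    'ts=2024-11-25T10:02:30Z src=10.0.0.5 url="http://cdn.marshal-zhukov.com/update.exe" action=allow',
    'ts=2024-11-25T10:03:00Z host=WS-17 event=process_create sha256=FDC6EBF3968CD2DFCC8AD05202A847D7F8B2A70746800FD240E6C5136FCD34F6',
    'ts=2024-11-25T10:03:05Z host=WS-17 event=process_create sha256=' + "0" * 64,
]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOGS):
        print(f"line {n}: {reason}")
```

    Running the script flags lines 1, 3 and 4 of the sample and leaves the unrelated Telegram channel and the benign hash alone. When porting this to a SIEM, apply the same split: match `t.me` plus the channel path in the URL field, match marshal-zhukov.com and its subdomains in the host field, and lowercase the hash field before comparison.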

    Reference:

    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lumma-stealer-on-the-rise-how-telegram-channels-are-fueling-malware-proliferation/


    Tags: Malware, Telegram, Lumma
