SMARTLOADER TO LUMMA STEALER

    Date: 10/04/2024

    Severity: Medium

    Summary

    "SmartLoader to Lumma Stealer" describes an infection chain, documented in the Palo Alto Networks Unit 42 IOC release of 2024-10-03 referenced below, in which the SmartLoader malware loader is the first stage and Lumma Stealer is the delivered payload. The lures in the IOC list are ZIP archives hosted on GitHub (user-attachments file links and repository release downloads) carrying the names of game cheats, Roblox executors and Minecraft clients (Solara, Lunar, Wave, Fluxus, Nezur, "Minecraft-Entropy-Client" and similar), which is how the loader reaches victims looking for cheating tools. The list also contains requests to 212.193.4.66 under /api/ and /task/ paths, consistent with loader check-in and tasking, a lookup to the public geolocation service ip-api.com, and a set of .shop/.store/.xyz domains used by the stealer for command-and-control. Lumma Stealer harvests browser-saved credentials, session cookies, cryptocurrency wallet data and other sensitive information from the infected system, so a single successful execution typically exposes every account the user was logged into.

    Indicators of Compromise (IOC) List

    URLs/Domains

    drawzhotdog.shop

    fragnantbui.shop

    ghostreedmnu.shop

    gravvitywio.store

    gutterydhowi.shop

    highawaretemptersudwu.xyz

    offensivedzvju.shop

    reinforcenh.shop

    stogeneratmns.shop

    vozmeatillu.shop

    https://github.com/user-attachments/files/16419475/HWID-Spoofer.zip

    https://github.com/user-attachments/files/16461750/Lunar.zip

    https://github.com/user-attachments/files/16439914/Solara.zip

    https://github.com/user-attachments/files/16624706/Solara.zip

    https://github.com/user-attachments/files/16378201/Solara.zip

    https://github.com/user-attachments/files/16604911/Celery.zip

    https://github.com/user-attachments/files/16624642/Lunar.zip

    https://github.com/user-attachments/files/16612167/Cheat.zip

    https://github.com/user-attachments/files/16737767/Fluxus.zip

    https://github.com/user-attachments/files/16815855/Sentinel.zip

    https://github.com/user-attachments/files/16737776/Roexec.zip

    https://github.com/user-attachments/files/16830252/Client.zip

    https://github.com/user-attachments/files/16737815/Santoware.zip

    https://github.com/user-attachments/files/16913125/Software.zip

    https://github.com/user-attachments/files/17057089/SolaraV3.zip

    https://github.com/user-attachments/files/17063327/Zorara.zip

    https://github.com/user-attachments/files/16928413/Cheat.zip

    https://github.com/user-attachments/files/17130043/Software.zip

    https://github.com/user-attachments/files/16737801/Wave.zip

    https://github.com/user-attachments/files/16824318/Lunar.zip

    https://github.com/user-attachments/files/16828195/Cheat.zip

    https://github.com/user-attachments/files/16737786/Incognito.zip

    https://github.com/user-attachments/files/16737756/Nezur.zip

    https://github.com/nhioufgaewnofidasjg/Minecraft-Entropy-Client/releases/download/v1.0/Client.zip

    https://github.com/azpower90/Lunar-Executor/releases/download/v1.0/Executor.zip

    https://github.com/bosxz23/Minecraft-Rise-V6-Client/releases/download/v1.0/Client.zip

    https://github.com/skydive1221/Wave-Executor/releases/download/v1.0/Wave.zip

    http://ip-api.com/json/

    http://212.193.4.66/api/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms

    http://github.com/user-attachments/files/17160709/error.json

    http://212.193.4.66/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms

    Hashes (SHA-256)

    f9127bb4981ffef3181cd574220943ab67ae8e105b2f9384a07d097fd0799b99
    
    89f3810779ff691c1e8a1c4293acd4ee7a1b74a202785ecf363ca275dee942b6
    
    473276ea7cd546b7d10dadbfe6d071710695e7c12d3d43d4c97e91999674b896
    
    cec5d299d148ffffe1d02d6a4fc1a2bf5e1ec19a54988b8e1c68334f428b508d
    
    5ad301ad1a6b9cf6c35edf6840884473e7f919ba251df18490de914022331eb8
    
    cbd9226c470efd29143f357e9ee0f6b2d20456041a0b4cb74912ccce9e37f97d
    
    cf31e682396556b5cfc16e660417b9c52da38e543229ccd0430c59c6a6227b79

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    The ten C2 domains are matched in both the domain field and the URL field. The GitHub lure URLs and the loader check-in URLs are matched in the URL field only, because a domain field never holds a full URL and such clauses can never fire. The two 212.193.4.66 entries are matched on host and path prefix: the same base64 token appears under /api/ and /task/ in the IOC list, so the literal token is not a reliable fixed string. http://ip-api.com/json/ is a public geolocation service that the loader queries; it is deliberately left out of the query below because matching it on its own produces false positives, but it is useful corroborating context for a host that also matches another indicator.

    userdomainname like "drawzhotdog.shop" or url like "drawzhotdog.shop" or
    userdomainname like "fragnantbui.shop" or url like "fragnantbui.shop" or
    userdomainname like "ghostreedmnu.shop" or url like "ghostreedmnu.shop" or
    userdomainname like "gravvitywio.store" or url like "gravvitywio.store" or
    userdomainname like "gutterydhowi.shop" or url like "gutterydhowi.shop" or
    userdomainname like "highawaretemptersudwu.xyz" or url like "highawaretemptersudwu.xyz" or
    userdomainname like "offensivedzvju.shop" or url like "offensivedzvju.shop" or
    userdomainname like "reinforcenh.shop" or url like "reinforcenh.shop" or
    userdomainname like "stogeneratmns.shop" or url like "stogeneratmns.shop" or
    userdomainname like "vozmeatillu.shop" or url like "vozmeatillu.shop" or
    url like "https://github.com/user-attachments/files/16419475/HWID-Spoofer.zip" or
    url like "https://github.com/user-attachments/files/16461750/Lunar.zip" or
    url like "https://github.com/user-attachments/files/16439914/Solara.zip" or
    url like "https://github.com/user-attachments/files/16624706/Solara.zip" or
    url like "https://github.com/user-attachments/files/16378201/Solara.zip" or
    url like "https://github.com/user-attachments/files/16604911/Celery.zip" or
    url like "https://github.com/user-attachments/files/16624642/Lunar.zip" or
    url like "https://github.com/user-attachments/files/16612167/Cheat.zip" or
    url like "https://github.com/user-attachments/files/16737767/Fluxus.zip" or
    url like "https://github.com/user-attachments/files/16815855/Sentinel.zip" or
    url like "https://github.com/user-attachments/files/16737776/Roexec.zip" or
    url like "https://github.com/user-attachments/files/16830252/Client.zip" or
    url like "https://github.com/user-attachments/files/16737815/Santoware.zip" or
    url like "https://github.com/user-attachments/files/16913125/Software.zip" or
    url like "https://github.com/user-attachments/files/17057089/SolaraV3.zip" or
    url like "https://github.com/user-attachments/files/17063327/Zorara.zip" or
    url like "https://github.com/user-attachments/files/16928413/Cheat.zip" or
    url like "https://github.com/user-attachments/files/17130043/Software.zip" or
    url like "https://github.com/user-attachments/files/16737801/Wave.zip" or
    url like "https://github.com/user-attachments/files/16824318/Lunar.zip" or
    url like "https://github.com/user-attachments/files/16828195/Cheat.zip" or
    url like "https://github.com/user-attachments/files/16737786/Incognito.zip" or
    url like "https://github.com/user-attachments/files/16737756/Nezur.zip" or
    url like "https://github.com/nhioufgaewnofidasjg/Minecraft-Entropy-Client/releases/download/v1.0/Client.zip" or
    url like "https://github.com/azpower90/Lunar-Executor/releases/download/v1.0/Executor.zip" or
    url like "https://github.com/bosxz23/Minecraft-Rise-V6-Client/releases/download/v1.0/Client.zip" or
    url like "https://github.com/skydive1221/Wave-Executor/releases/download/v1.0/Wave.zip" or
    url like "http://github.com/user-attachments/files/17160709/error.json" or
    url like "http://212.193.4.66/api/" or
    url like "http://212.193.4.66/task/"

    Detection Query 2

    sha256hash IN ("f9127bb4981ffef3181cd574220943ab67ae8e105b2f9384a07d097fd0799b99","89f3810779ff691c1e8a1c4293acd4ee7a1b74a202785ecf363ca275dee942b6","473276ea7cd546b7d10dadbfe6d071710695e7c12d3d43d4c97e91999674b896","cec5d299d148ffffe1d02d6a4fc1a2bf5e1ec19a54988b8e1c68334f428b508d","5ad301ad1a6b9cf6c35edf6840884473e7f919ba251df18490de914022331eb8","cbd9226c470efd29143f357e9ee0f6b2d20456041a0b4cb74912ccce9e37f97d","cf31e682396556b5cfc16e660417b9c52da38e543229ccd0430c59c6a6227b79")
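    The following is an added example, not Gurucul's or Unit 42's code, showing how the IOCs above should be applied outside the TDIR product: domains on the host component (including subdomains), GitHub URLs as exact host-and-path pairs because github.com itself is benign, the 212.193.4.66 entries on host and path prefix, and ip-api.com only as corroboration for a host that already has a high-confidence hit. The record layout (host_id, url, sha256) and the host names in the sample records are assumptions; the IOC values are copied from this page, and only three of the GitHub paths are included, the rest go in the same set.

```python
# Added example (not Gurucul's or Unit 42's code). Record format and field
# names are assumed; IOC values are taken from the list on this page.
import base64
from urllib.parse import urlsplit

# C2 domains: matched on the host component, including subdomains.
IOC_DOMAINS = {
    "drawzhotdog.shop", "fragnantbui.shop", "ghostreedmnu.shop",
    "gravvitywio.store", "gutterydhowi.shop", "highawaretemptersudwu.xyz",
    "offensivedzvju.shop", "reinforcenh.shop", "stogeneratmns.shop",
    "vozmeatillu.shop",
}

# GitHub-hosted lures/payloads: github.com is benign, so match exact paths.
# Three of the page's GitHub entries shown; add the rest in the same form.
IOC_GITHUB_PATHS = {
    "/user-attachments/files/16419475/HWID-Spoofer.zip",
    "/user-attachments/files/17160709/error.json",
    "/skydive1221/Wave-Executor/releases/download/v1.0/Wave.zip",
}

# Loader check-in: the IOC list shows the same token under /api/ and /task/,
# so match on host plus path prefix rather than on the literal token.
CHECKIN_HOST = "212.193.4.66"
CHECKIN_PREFIXES = ("/api/", "/task/")

# Public geolocation service the loader queries: context, not a block indicator.
LOW_CONFIDENCE_HOSTS = {"ip-api.com"}

IOC_SHA256 = {
    "f9127bb4981ffef3181cd574220943ab67ae8e105b2f9384a07d097fd0799b99",
    "89f3810779ff691c1e8a1c4293acd4ee7a1b74a202785ecf363ca275dee942b6",
    "473276ea7cd546b7d10dadbfe6d071710695e7c12d3d43d4c97e91999674b896",
    "cec5d299d148ffffe1d02d6a4fc1a2bf5e1ec19a54988b8e1c68334f428b508d",
    "5ad301ad1a6b9cf6c35edf6840884473e7f919ba251df18490de914022331eb8",
    "cbd9226c470efd29143f357e9ee0f6b2d20456041a0b4cb74912ccce9e37f97d",
    "cf31e682396556b5cfc16e660417b9c52da38e543229ccd0430c59c6a6227b79",
}


def host_in_domains(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_url(url):
    """Return (confidence, label) for a URL, or None if nothing matches."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if host_in_domains(host, IOC_DOMAINS):
        return ("high", "lumma_c2_domain")
    if host == "github.com" and parts.path in IOC_GITHUB_PATHS:
        return ("high", "github_hosted_lure")
    if host == CHECKIN_HOST and parts.path.startswith(CHECKIN_PREFIXES):
        return ("high", "smartloader_checkin")
    if host in LOW_CONFIDENCE_HOSTS:
        return ("low", "geolocation_lookup")
    return None


def classify_hash(sha256):
    """Exact SHA-256 lookup against the sample hashes from the IOC list."""
    return ("high", "known_sample") if sha256.lower() in IOC_SHA256 else None


def decode_checkin_token(url):
    """Base64-decode the last path segment of a 212.193.4.66 check-in URL."""
    token = urlsplit(url).path.rsplit("/", 1)[-1]
    padded = token + "=" * (-len(token) % 4)
    return base64.b64decode(padded).decode("ascii", "replace")


def scan(records):
    """Evaluate records of the form {"host_id", "url"?, "sha256"?}.

    Low-confidence hits are kept only for hosts that also have a
    high-confidence hit, so a lone ip-api.com lookup never alerts by itself.
    """
    hits = []
    for r in records:
        for value, fn in ((r.get("url"), classify_url), (r.get("sha256"), classify_hash)):
            result = fn(value) if value else None
            if result:
                hits.append((r["host_id"], result[0], result[1], value))
    high_hosts = {h[0] for h in hits if h[1] == "high"}
    return [h for h in hits if h[1] == "high" or h[0] in high_hosts]


# Constructed sample records (not real telemetry); host IDs are made up.
SAMPLE_RECORDS = [
    {"host_id": "ws-17", "url": "https://github.com/user-attachments/files/16419475/HWID-Spoofer.zip"},
    {"host_id": "ws-17", "url": "http://ip-api.com/json/"},
    {"host_id": "ws-17", "url": "http://212.193.4.66/api/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms"},
    {"host_id": "ws-17", "url": "https://gravvitywio.store/api"},
    {"host_id": "ws-42", "url": "http://ip-api.com/json/"},
    {"host_id": "ws-42", "url": "https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel"},
    {"host_id": "ws-09", "sha256": "cbd9226c470efd29143f357e9ee0f6b2d20456041a0b4cb74912ccce9e37f97d"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_RECORDS):
        print(hit)
    print(decode_checkin_token(SAMPLE_RECORDS[2]["url"]))
```

    Running it flags ws-17 (lure download, check-in, C2 domain, plus the corroborating geolocation lookup) and ws-09 (known sample hash), while ws-42, which only touched ip-api.com and an unrelated github.com repository, produces nothing. The check-in token from the IOC list decodes to "9f,7f,7f,a0,9e,86,8c,96,64,7c,", a comma-separated list of hex bytes, which is why the query matches the /api/ and /task/ prefixes instead of that string.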

    Reference: 

    https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-10-03-IOCs-for-SmartLoader-to-Lumma-Stealer.txt  


    Tags

    Malware, Financial Services
