IDP Signatures
79649 MALWARE.SMARTLOADER.INSTALLS.LUMMASTEALER.INFECTION.M
Signature Id | 79649 |
Name | MALWARE.SMARTLOADER.INSTALLS.LUMMASTEALER.INFECTION.M |
Group | IPS MALWARE GENERAL |
Issued | 2024-11-21 |
Last Updated | 2024-11-28 |
Description | The infection chain begins with a zip archive hosted on a private GitHub account named "user-attachments," containing four essential files: compiler.exe, conf.txt, Launcher.bat, and lua51.dll. When Launcher.bat is executed, it runs compiler.exe with conf.txt, initiating the infection process. This leads to the deployment of SmartLoader, which subsequently installs the Lumma Stealer. Each zip archive contains files with consistent names but differing hashes and sizes. |