Sample

Metadata

SHA256
3d1a4b9e37868f54e7e7eb98aae0203e2c50b2977170e0006cd3cbcb071c6b94
Difficulty
medium
Platform
Windows
Tags
lummastealer powershell vbscript hta loader
Submitter
struppigel

Analysis

Goal

Build a Binary Refinery pipeline or CyberChef recipe that extracts the download URL from the loader.

Description

LummaStealer loader that consists of multiple layers of VBScript and PowerShell. The last layer contains the download URL.

Recommended Tools

CyberChef, Binary Refinery

Video

Solution by struppigel: Binary Refinery URL Extraction of Multi-Layered PoshLoader for LummaStealer
