Malware Distributed Using Falcon Sensor Update Phishing Lure

· Published 29/07/2024 11:40 · Modified 29/07/2024 12:04

Essential information

Tags
2024-07-29, lumma, lumma stealer, malspam, phishing, stealer
Related entities
32 observables, 5 techniques (mitre), 1 malware

Description

CrowdStrike Intelligence uncovered a campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity '' packed with 'CypherIt'. This campaign is likely linked to a previous '' distribution effort leveraging advanced social engineering techniques. The malware evades detection by terminating if security products are detected, and employs multiple layers of obfuscation. It ultimately connects to command and control servers to exfiltrate stolen data.

External references