Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response
=================================================================================

Indicators of Compromise (IoCs)

| SHA256 | File | Detection name |
|---|---|---|
| afdc1a1e1e934f18be28465315704a12b2cd43c186fbee94f7464392849a5ad0 | App_aeIGCY3g.exe | Trojan.Win32.LUMMASTEALER.CRCG |
| e8452a65a452abdb4b2e629f767a038e0792e6e2393fb91bf17b27a0ce28c936 | DesignersCrawford.exe | TrojanSpy.Win32.VIDAR.F |
| 25cfd6e6a9544990093566d5ea9d7205a60599bfda8c0f4d59fca31e58a7640b | HumanitarianProvinces.exe | Backdoor.Win32.SECTOPRAT.A |
| 51fbc196175f4fb9f38d843ee53710cde943e5caf1b0552624c7b65e6c231f7e | ResetEngaging.exe | TrojanSpy.Win32.LUMMASTEALER.K |
| de6fcdf58b22a51d26eacb0e2c992d9a894c1894b3c8d70f4db80044dacb7430 | Pictore.exe | Trojan.Win32.LUMMASTEALER.F |
| 4af3898ba3cf8b420ea1e6c5ce7cdca7775a4c9b78f67b493a9c73465432f1d3 | PillsHarvest.exe | Backdoor.Win32.SECTOPRAT.B |
| 73A017FC2F9C559D333A272598FC10E1E7F25E8C6AFEABBD431C2ACAF8993A8E | Quantifyr.url | Trojan.Win32.BOXTER.VSNW17L24 |
| DD895AA929CD14684C802ADAD1386ADD63E236EEA179C75DAA658C1EF10868E5 | Quantifyr.js | Trojan.Win32.COBEACON.L.enc |
| af66c194d30a1c7c48c3fdf9d7142951ff4e6ba26cd6321210f7c4e9350ced22 | Fairfield.cmd | Backdoor.Win32.COBEACON.SMFRF.stg |
| 6ec86b4e200144084e07407200a5294985054bdaddb3d6c56358fc0657e48157 | Scielfic | Trojan.Win64.SECTOPRAT.A |
| 843269c61515c42f248cb855e5466c82e1f72182b833b1d5438999efa2c9384d | Receiving.cmd | Trojan.BAT.LUMMA.A |
| c93dfe641543c3466edf56a9bed92d6ad7bb6f179c6041ed69d103b05e44828b | Signup.cmd | Trojan.BAT.LUMMA.A |
| 45a73c9260c41aee9122de28dea86944e1f2d447de7e66bff0d64bc895780572 | HealthPulse.url | Trojan.JS.LUMMA.A |
| 938e35827cd9a8b63dcbb60a0bcab4f1f4eb84e3a8d644f061327183b871f6eb | HealthPulse.js | Trojan.LNK.LUMMA.A |
| 2f8275484d80fe3ce73d30116c1cc0019f473f675e9c78cc4bc3fb2193a8b14d | Oriented.cmd | Trojan.BAT.LUMMA.A |
| E096DB5BD644B5321EC5D6DBA709B4D8DBC4A1C22D7D2F1261E21E17B0279202 | n | Trojan.Win32.COBEACON.L.enc |
| f02e6df17859052ff7a41ae570796c2fa85ec6ed560342f22f330087286a519f | alternatively.cmd | Backdoor.Win32.QUASAR.N |

C&C servers / URLs

| Indicator | Role |
|---|---|
| 91.202.233[.]18:9000 | Malware Accomplice |
| 5.75.212[.]196:443 | C&C Server |
| lumdukekiy[.]shop | C&C Server |
| ikores[.]sbs | C&C Server |
| hxxps://klipcatepiu0[.]shop/int_clp_sha[.]txt | Malware Accomplice |