lumma | 758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148

Analysis

max time kernel
91s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2023 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148.exe
Size

245KB
MD5

f39ffa9812c55774a4dd1451b23fa2d4
SHA1

f9f60ac20bfe819d2a012d0fb19e88ea4e4a348d
SHA256

758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148
SHA512

d35209af1f3ed8f0249bc14f70b9c6e95e88abc5c7d10d9e906761a09b98731c1279f87bae9699158e65e07e55e7f6a9d71be0dc9c4a6f07c529d2a668266b13
SSDEEP

3072:6X6yzapOKC/IC3FZvb5RWJyYC0cM2qHzH+8nYZECMuxljcrapb:aioKC/IKvjWjCiT68nYZCMAup

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

77.73.134.68

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4484 1236 WerFault.exe 758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148.exe

pid	pid_target	process	target process
4484	1236	WerFault.exe	758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148.exe

C:\Users\Admin\AppData\Local\Temp\758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148.exe
"C:\Users\Admin\AppData\Local\Temp\758601b7d2c4c1c3ba050f4c9b0fd65f31f8d411965e2529ee22af93623f4148.exe"
1⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 1364
2⤵
- Program crash
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1236 -ip 1236
1⤵
PID:2200

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1236-132-0x0000000002D98000-0x0000000002DB2000-memory.dmp

Filesize
104KB

Download
memory/1236-133-0x0000000002D40000-0x0000000002D6A000-memory.dmp

Filesize
168KB

Download
memory/1236-134-0x0000000000400000-0x0000000002BA5000-memory.dmp

Filesize
39.6MB

Download
memory/1236-135-0x0000000002D98000-0x0000000002DB2000-memory.dmp

Filesize
104KB

Download
memory/1236-136-0x0000000000400000-0x0000000002BA5000-memory.dmp

Filesize
39.6MB

Download