lumma | 0a53ab41b2eac9f9643de44c797f79103c37bf434a788c1b66a266d115b30fe8 | Triage

Submit
Reports

Overview

overview

Static

static

d21f82a8a0...9d.exe

windows7-x64

d21f82a8a0...9d.exe

windows10-2004-x64

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
16-01-2023 07:08

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe

Resource

win7-20220901-en

lumma spyware stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe

Resource

win10v2004-20220812-en

lumma spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Report Analysis Logs

General

Target

d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe
Size

276KB
MD5

930f2ceba3c8821110756aa19b395676
SHA1

d2430e3e8dc6c193a90ef93da218c10f830e4395
SHA256

d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d
SHA512

dc6d093585e171ca366863cce09722e71e3718c8bab6d4432f92ccea6c926191bfbf5a0b7eb570189e070c4c8ca962a504e02f04661d6e3703efa642bec980d7
SSDEEP

6144:O6o0eLFcKPqdWge8I9h/e8DVr+HJYloDU4zqQna:O6o55cQqoF8ILRr+HJYloDFP

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Processes

C:\Users\Admin\AppData\Local\Temp\d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe
"C:\Users\Admin\AppData\Local\Temp\d21f82a8a0b55f753ba26a19444c5364a2b21d8451fcde32f659f57476fc399d.exe"
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-56-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1808-55-0x0000000000220000-0x000000000024A000-memory.dmp

Filesize
168KB

Download
memory/1808-54-0x00000000005BE000-0x00000000005D8000-memory.dmp

Filesize
104KB

Download
memory/1808-57-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download
memory/1808-58-0x00000000005BE000-0x00000000005D8000-memory.dmp

Filesize
104KB

Download
memory/1808-59-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download

© 2018-2024

Terms | Privacy