Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
16-01-2023 09:36
General
-
Target
9a636854eb16b6ae20d0152747ccdc87.exe
-
Size
276KB
-
MD5
9a636854eb16b6ae20d0152747ccdc87
-
SHA1
839ad2590dc91881058abf89c41cdde28e3c40ed
-
SHA256
730d01a6a7eedbf59ff5fc88ca0e7bf3d2a1fc7d5ede1232f31aa7a06e7b9adc
-
SHA512
d5b88e441a3c609ad59fbc50472d8ae5114543832109532c8d1e9dbf015b2e63b33227cbd904689ea8e2ce308dd8e65d61cfedfa3eae23696d0de3a5d9d2761f
-
SSDEEP
6144:mb3KmLONhPwiKPAQTtIEAZ00Fs9s9eWd5zU4zqQna:mb33iN1wNtIEAbzb5zFP
Score
10/10
Malware Config
Extracted
Family
lumma
C2
77.73.134.68
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9a636854eb16b6ae20d0152747ccdc87.exe"C:\Users\Admin\AppData\Local\Temp\9a636854eb16b6ae20d0152747ccdc87.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1788-54-0x0000000076321000-0x0000000076323000-memory.dmpFilesize
8KB
-
memory/1788-55-0x00000000004DE000-0x00000000004F8000-memory.dmpFilesize
104KB
-
memory/1788-56-0x00000000002A0000-0x00000000002CA000-memory.dmpFilesize
168KB
-
memory/1788-57-0x0000000000400000-0x000000000044B000-memory.dmpFilesize
300KB
-
memory/1788-58-0x00000000004DE000-0x00000000004F8000-memory.dmpFilesize
104KB
-
memory/1788-59-0x0000000000400000-0x000000000044B000-memory.dmpFilesize
300KB