lumma | b5c32c8eced221ec5b54c57a027f9fee57f431739cdac9de3d3008b84c4cca97 | Triage

Submit
Reports

Overview

overview

Static

static

0441aa20a4...1f.exe

windows7-x64

0441aa20a4...1f.exe

windows10-2004-x64

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16-01-2023 10:29

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

0441aa20a4a9814d4574612494d743039e5e735204cd6b514a636cf77bbc831f.exe

Resource

win7-20220812-en

lumma spyware stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

0441aa20a4a9814d4574612494d743039e5e735204cd6b514a636cf77bbc831f.exe

Resource

win10v2004-20221111-en

lumma spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Report Analysis Logs

General

Target

0441aa20a4a9814d4574612494d743039e5e735204cd6b514a636cf77bbc831f.exe
Size

248KB
MD5

a28c87cd2935ac25b99579652739dc79
SHA1

026397e31dee7fe017929ac7d545faa4f9ad6dfb
SHA256

0441aa20a4a9814d4574612494d743039e5e735204cd6b514a636cf77bbc831f
SHA512

3f0f3d701685840fd1a3995573297909258153ed22d109f566e79681357451597cd7b7b04e54fa3a69819d20e95588d4d3a26dd7a77798cee2d9663c18293cbf
SSDEEP

3072:hCXGo0qeoFd5GmHPZUkWi5uIcoq4lxn22eWxZ39jYEBLCYi:hCUrSGkWi/coq8xn2HWj31I

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Processes

C:\Users\Admin\AppData\Local\Temp\0441aa20a4a9814d4574612494d743039e5e735204cd6b514a636cf77bbc831f.exe
"C:\Users\Admin\AppData\Local\Temp\0441aa20a4a9814d4574612494d743039e5e735204cd6b514a636cf77bbc831f.exe"
1⤵
PID:1308

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1308-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1308-55-0x0000000002D3B000-0x0000000002D55000-memory.dmp

Filesize
104KB

Download
memory/1308-56-0x0000000000220000-0x000000000024A000-memory.dmp

Filesize
168KB

Download
memory/1308-57-0x0000000000400000-0x0000000002BA6000-memory.dmp

Filesize
39.6MB

Download
memory/1308-58-0x0000000002D3B000-0x0000000002D55000-memory.dmp

Filesize
104KB

Download
memory/1308-59-0x0000000000400000-0x0000000002BA6000-memory.dmp

Filesize
39.6MB

Download

© 2018-2024

Terms | Privacy