Analysis
-
max time kernel
41s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
16-01-2023 12:15
General
-
Target
f8d13608a3238b1909ee373c32ff31930912f69bbad44560a6e10cdd35fe2271.exe
-
Size
248KB
-
MD5
3d92131e50a1b8aa8e84e987059bf2d3
-
SHA1
6e0d66119ac618710e2dd1c81e340d079d053304
-
SHA256
f8d13608a3238b1909ee373c32ff31930912f69bbad44560a6e10cdd35fe2271
-
SHA512
1d2fc9c7569e169b0179c36a636923444e0ca45ab4360ee834a921d9a45a2357c2cc0011fd99c73b02bfe67405cebf3dc388b4a1efe80fb3518ec9fa8dc75500
-
SSDEEP
3072:kXWRuxPtPXxs55ZtwvBhSRDiCtOXRrO3Qeen/ZJeQNBMm57i:gPXoP5POX5w2ZYMBf5
Score
10/10
Malware Config
Extracted
Family
lumma
C2
77.73.134.68
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f8d13608a3238b1909ee373c32ff31930912f69bbad44560a6e10cdd35fe2271.exe"C:\Users\Admin\AppData\Local\Temp\f8d13608a3238b1909ee373c32ff31930912f69bbad44560a6e10cdd35fe2271.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1404-54-0x0000000075451000-0x0000000075453000-memory.dmpFilesize
8KB
-
memory/1404-55-0x0000000002D8B000-0x0000000002DA5000-memory.dmpFilesize
104KB
-
memory/1404-56-0x0000000000220000-0x000000000024A000-memory.dmpFilesize
168KB
-
memory/1404-57-0x0000000000400000-0x0000000002BA6000-memory.dmpFilesize
39.6MB
-
memory/1404-58-0x0000000002D8B000-0x0000000002DA5000-memory.dmpFilesize
104KB
-
memory/1404-59-0x0000000000400000-0x0000000002BA6000-memory.dmpFilesize
39.6MB