lumma | c20f7d43f594635296c1fa75e132e3e6b6508c855226ab5d6a3f607af7ec3816 | Triage

Submit
Reports

Overview

overview

Static

static

a95020d898...39.exe

windows7-x64

a95020d898...39.exe

windows10-2004-x64

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-01-2023 15:07

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

a95020d898ba090e0ec4b9a7474bc039.exe

Resource

win7-20220812-en

lumma spyware stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

a95020d898ba090e0ec4b9a7474bc039.exe

Resource

win10v2004-20220812-en

lumma spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Report Analysis Logs

General

Target

a95020d898ba090e0ec4b9a7474bc039.exe
Size

251KB
MD5

a95020d898ba090e0ec4b9a7474bc039
SHA1

8e54f02f7c77c889e31392aced7b2b6d8d9ab2c0
SHA256

c20f7d43f594635296c1fa75e132e3e6b6508c855226ab5d6a3f607af7ec3816
SHA512

20c38d391b986f29baf46ff510b818bd2da0de12e2e507b4860bf9b27a9ac063e13f4009dda804fc0fd3ef612f66e5b133abbbefd70b022eed343e461b11d441
SSDEEP

3072:KX3bM29qzVQ55ThLJrOsfTf9oMxC2vLnj1E7ZhuhNL6R/migO/G/uW5+a:qGVoTVNOsxoMxC4nZEthp10CguW0a

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Processes

C:\Users\Admin\AppData\Local\Temp\a95020d898ba090e0ec4b9a7474bc039.exe
"C:\Users\Admin\AppData\Local\Temp\a95020d898ba090e0ec4b9a7474bc039.exe"
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1636-54-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/1636-55-0x0000000002C7B000-0x0000000002C95000-memory.dmp

Filesize
104KB

Download
memory/1636-56-0x0000000000220000-0x000000000024A000-memory.dmp

Filesize
168KB

Download
memory/1636-57-0x0000000000400000-0x0000000002BA6000-memory.dmp

Filesize
39.6MB

Download
memory/1636-58-0x0000000002C7B000-0x0000000002C95000-memory.dmp

Filesize
104KB

Download
memory/1636-59-0x0000000000400000-0x0000000002BA6000-memory.dmp

Filesize
39.6MB

Download

© 2018-2024

Terms | Privacy