lumma | 23a699593b541255bb6511b0f104f49c63b3ded47979b290853bae5d2e1d3351

Analysis

max time kernel
143s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2023 11:29

Target

23a699593b541255bb6511b0f104f49c63b3ded47979b290853bae5d2e1d3351.exe
Size

1.0MB
MD5

620d883f30c80ea4122736e37d9e7bf3
SHA1

fb23f292e1478f0afc8f1db23717c6becfb73510
SHA256

23a699593b541255bb6511b0f104f49c63b3ded47979b290853bae5d2e1d3351
SHA512

76c9882a0fa7ed6832c8e09d90486f0444cebacce30209eca829fa3000166df2db569055a65664d470190d1ed39a37a9b533592a87b7d9618fbdda9df0486afe
SSDEEP

12288:Py0JsnKCA3OglBAo4fp5W1OpndokJVehku4rLzo4pE8ZrElfrVM5MyHdLCstqst4:a0JsHvcmX5/nd/dLLciELTfinwstEsY

Score

10^/10

lumma stealer

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

23a699593b541255bb6511b0f104f49c63b3ded47979b290853bae5d2e1d3351.exe

pid process

4092 23a699593b541255bb6511b0f104f49c63b3ded47979b290853bae5d2e1d3351.exe

pid	process
4092	23a699593b541255bb6511b0f104f49c63b3ded47979b290853bae5d2e1d3351.exe

C:\Users\Admin\AppData\Local\Temp\23a699593b541255bb6511b0f104f49c63b3ded47979b290853bae5d2e1d3351.exe
"C:\Users\Admin\AppData\Local\Temp\23a699593b541255bb6511b0f104f49c63b3ded47979b290853bae5d2e1d3351.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4092

memory/4092-132-0x00000000008E0000-0x0000000000B4F000-memory.dmp

Filesize
2.4MB

Download
memory/4092-133-0x00000000008E0000-0x0000000000B4F000-memory.dmp

Filesize
2.4MB

Download