lumma | 0b56823bf4d3e3b17518c147ad4d520d34b2c648111730cd83f123948d8f0ab4 | Triage

Submit
Reports

Overview

overview

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Analysis

max time kernel
142s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2023 07:42

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

lumma spyware stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

lumma spyware stealer

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

tmp.exe
Size

6.4MB
MD5

4e86343c81e09b6079449183a5289d08
SHA1

d1678ca572eebed0cd392ff1cd0cccacdce2067d
SHA256

0b56823bf4d3e3b17518c147ad4d520d34b2c648111730cd83f123948d8f0ab4
SHA512

e2260ae32d333c898fd3dfbb32d2f5dda0ab390258fe813fc24f00b4ce09554644632ea653f78b59ba35b96f9e8c4c60de9fa0ae64f1cc5b8ac7df2bbc5ee793
SSDEEP

98304:dqjNw+IVoIjhBx2oyyl210HL3MMOT0Rsoo82Pb0VKq0:ETIVoIjhBg10HTMD5MVK3

Score

10^/10

lumma spyware stealer

Malware Config

Extracted

Family

lumma

C2

82.118.23.50

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
PID:2280

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2280-134-0x000000002BDF0000-0x000000002BE57000-memory.dmp

Filesize
412KB

Download
memory/2280-135-0x000000002BDF0000-0x000000002BE57000-memory.dmp

Filesize
412KB

Download
memory/2280-136-0x000000002BDF0000-0x000000002BE57000-memory.dmp

Filesize
412KB

Download
memory/2280-137-0x0000000000400000-0x0000000000A67000-memory.dmp

Filesize
6.4MB

Download
memory/2280-138-0x000000002BE60000-0x000000002C293000-memory.dmp

Filesize
4.2MB

Download
memory/2280-139-0x000000002BDF0000-0x000000002BE57000-memory.dmp

Filesize
412KB

Download

© 2018-2024

Terms | Privacy