lumma | 37cc099c435c1e7451dcdff1011c33f19fde6f69764cfe143a979d23c582888b

Analysis

max time kernel
141s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

199de8b727ceae96afb7c7560092c1d7a4dbe5a005c07ae20cffd9871da52b82.exe
Size

3.3MB
MD5

50938be136527970c4fa9df18842ad76
SHA1

63ec9a2c612b57e082d27421b88d30e673e873f2
SHA256

199de8b727ceae96afb7c7560092c1d7a4dbe5a005c07ae20cffd9871da52b82
SHA512

c2655b9e643a7d854984527d8b4260632bea369b5baf68e6718c5d638751abe249f4cc620b2ae03c6ed53705ac764f74aa36d3b950aa04e45184409b92bd275d
SSDEEP

98304:dcR7APDOTa07J1qEGj05rAfBuHLbhTXmdYx/t3WP:waDSjkCrAfBuHLbpmdY9t3

Score

10^/10

lumma discovery spyware stealer

Malware Config

Extracted

Family

lumma

45.9.74.78

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\199de8b727ceae96afb7c7560092c1d7a4dbe5a005c07ae20cffd9871da52b82.exe
"C:\Users\Admin\AppData\Local\Temp\199de8b727ceae96afb7c7560092c1d7a4dbe5a005c07ae20cffd9871da52b82.exe"
1⤵
PID:3376

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3376-133-0x0000000000400000-0x00000000009B4000-memory.dmp

Filesize
5.7MB

Download
memory/3376-134-0x0000000000400000-0x00000000009B4000-memory.dmp

Filesize
5.7MB

Download
memory/3376-136-0x0000000000400000-0x00000000009B4000-memory.dmp

Filesize
5.7MB

Download
memory/3376-141-0x0000000000400000-0x00000000009B4000-memory.dmp

Filesize
5.7MB

Download