lumma | 24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa

Analysis

max time kernel
55s
max time network
70s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
22-03-2023 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa.exe
Size

988KB
MD5

4aa21293162188635cf4d4ef626f367c
SHA1

c3e2de0f1a01f2b256ed977234fba29a2e1e9e60
SHA256

24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa
SHA512

6d8fb337d8dd9126ee28d51380e7ef0d1f4e6b0450e6d61632db628a9d722832f1ae8ea91470ea5c5e0e15b06a6a01e52b617d8cb1965addb97ffc55272af5fd
SSDEEP

12288:i6T+g+TFMg3gNuFSjwgPcb7Ge/8FM+9sQUsU0RDOOtKq0A3LZjBgsJPurYEKvl:Wg+TNgyWM/hU1JU0RDOOx0Q1jBarYE

Score

10^/10

lumma discovery spyware stealer

Malware Config

Extracted

Family

lumma

82.117.255.80

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa.exe
"C:\Users\Admin\AppData\Local\Temp\24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa.exe"
1⤵
PID:1444

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1444-122-0x0000000002380000-0x0000000002495000-memory.dmp

Filesize
1.1MB

Download
memory/1444-123-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/1444-124-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download