Malware Analysis Report

2025-08-11 06:28

Sample ID 230424-q4f8pacb66
Target sample.exe
SHA256 d18a31b0b3d20a86fc0647d7f47332d648499d52eee68d34857eec61f3b042ce
Tags
lumma discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d18a31b0b3d20a86fc0647d7f47332d648499d52eee68d34857eec61f3b042ce

Threat Level: Known bad

The file sample.exe was found to be: Known bad.

Malicious Activity Summary

lumma discovery spyware stealer

Detect Lumma Stealer payload V2

Lumma family

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-24 13:48

Signatures

Detect Lumma Stealer payload V2

Description Indicator Process Target
N/A N/A N/A N/A

Lumma family

lumma

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-24 13:48

Reported

2023-04-24 13:51

Platform

win7-20230220-en

Max time kernel

31s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\sample.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\sample.exe

"C:\Users\Admin\AppData\Local\Temp\sample.exe"

Network

Country Destination Domain Proto
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-24 13:48

Reported

2023-04-24 13:51

Platform

win10v2004-20230220-en

Max time kernel

65s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\sample.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\sample.exe

"C:\Users\Admin\AppData\Local\Temp\sample.exe"

Network

Country Destination Domain Proto
AT 77.73.134.68:80 77.73.134.68 tcp
US 8.8.8.8:53 68.134.73.77.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 93.184.220.29:80 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
AT 77.73.134.68:80 77.73.134.68 tcp
US 104.208.16.90:443 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
AT 77.73.134.68:80 77.73.134.68 tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 api.msn.com tcp
US 8.8.8.8:53 62.13.109.52.in-addr.arpa udp
US 13.107.4.50:80 tcp
NL 149.154.167.220:443 tcp

Files

N/A