Malware Analysis Report

2025-08-11 06:28

Sample ID 230424-rgfjbacc46
Target malware.exe
SHA256 9b742a890aff9c7a2b54b620fe5e1fcfa553648695d79c892564de09b850c92b
Tags
lumma spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9b742a890aff9c7a2b54b620fe5e1fcfa553648695d79c892564de09b850c92b

Threat Level: Known bad

The file malware.exe was found to be: Known bad.

Malicious Activity Summary

lumma spyware stealer

Detect Lumma Stealer payload V2

Lumma family

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-24 14:09

Signatures

Detect Lumma Stealer payload V2

Description Indicator Process Target
N/A N/A N/A N/A

Lumma family

lumma

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-24 14:09

Reported

2023-04-24 14:12

Platform

win7-20230220-en

Max time kernel

31s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\malware.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Processes

C:\Users\Admin\AppData\Local\Temp\malware.exe

"C:\Users\Admin\AppData\Local\Temp\malware.exe"

Network

Country Destination Domain Proto
BG 195.123.226.91:80 tcp
BG 195.123.226.91:80 tcp
BG 195.123.226.91:80 tcp
BG 195.123.226.91:80 tcp
BG 195.123.226.91:80 tcp
BG 195.123.226.91:80 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-24 14:09

Reported

2023-04-24 14:12

Platform

win10v2004-20230220-en

Max time kernel

61s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\malware.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Processes

C:\Users\Admin\AppData\Local\Temp\malware.exe

"C:\Users\Admin\AppData\Local\Temp\malware.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
BG 195.123.226.91:80 tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
BG 195.123.226.91:80 tcp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
BG 195.123.226.91:80 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 20.42.73.26:443 tcp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp
NL 173.223.113.164:443 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 62.13.109.52.in-addr.arpa udp
NL 8.253.208.120:80 tcp

Files

N/A