Malware Analysis Report

2025-08-05 10:05

Sample ID 230430-19bv9sfh9t
Target Rust Hack.exe.bin
SHA256 5cdd0a29b95fbd0317a39f8d1f3cc4465731e60a6e4dae8c2362a28e05ffc251
Tags
lumma spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5cdd0a29b95fbd0317a39f8d1f3cc4465731e60a6e4dae8c2362a28e05ffc251

Threat Level: Known bad

The file Rust Hack.exe.bin was found to be: Known bad.

Malicious Activity Summary

lumma spyware stealer

Lumma Stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-30 22:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-30 22:20

Reported

2023-04-30 22:37

Platform

win7-20230220-en

Max time kernel

100s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Rust Hack.exe"

Signatures

Lumma Stealer

stealer lumma

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1196 set thread context of 1940 N/A C:\Users\Admin\AppData\Local\Temp\Rust Hack.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Rust Hack.exe

"C:\Users\Admin\AppData\Local\Temp\Rust Hack.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"

Network

Country Destination Domain Proto
US 82.117.255.127:80 82.117.255.127 tcp

Files

memory/1940-55-0x0000000000400000-0x0000000000439000-memory.dmp

memory/1940-56-0x0000000000400000-0x0000000000439000-memory.dmp

memory/1940-62-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-30 22:20

Reported

2023-04-30 22:38

Platform

win10v2004-20230220-en

Max time kernel

105s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Rust Hack.exe"

Signatures

Lumma Stealer

stealer lumma

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3648 set thread context of 3380 N/A C:\Users\Admin\AppData\Local\Temp\Rust Hack.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Rust Hack.exe

"C:\Users\Admin\AppData\Local\Temp\Rust Hack.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 82.117.255.127:80 82.117.255.127 tcp
US 8.8.8.8:53 127.255.117.82.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 40.125.122.151:443 tcp
IE 13.69.239.74:443 tcp
NL 173.223.113.164:443 tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
NL 173.223.113.131:80 tcp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 2.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
NL 84.53.175.11:80 tcp

Files

memory/3380-134-0x0000000000400000-0x0000000000439000-memory.dmp