Analysis Overview
SHA256
81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21
Threat Level: Known bad
The file 81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21 was found to be: Known bad.
Malicious Activity Summary
Detect Lumma Stealer payload V2
Lumma family
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-30 15:52
Signatures
Detect Lumma Stealer payload V2
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Lumma family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-30 15:52
Reported
2023-04-30 15:55
Platform
win7-20230220-en
Max time kernel
136s
Max time network
149s
Command Line
Signatures
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Processes
C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe
"C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe"
Network
| Country | Destination | Domain | Proto |
| AT | 77.73.134.68:80 | tcp | |
| AT | 77.73.134.68:80 | tcp | |
| AT | 77.73.134.68:80 | tcp | |
| AT | 77.73.134.68:80 | tcp | |
| AT | 77.73.134.68:80 | tcp | |
| AT | 77.73.134.68:80 | tcp | |
| AT | 77.73.134.68:80 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-30 15:52
Reported
2023-04-30 15:55
Platform
win10v2004-20230220-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Processes
C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe
"C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe"
Network
| Country | Destination | Domain | Proto |
| AT | 77.73.134.68:80 | tcp | |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.151.241.8.in-addr.arpa | udp |
| AT | 77.73.134.68:80 | tcp | |
| FR | 40.79.141.153:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 8.8.8.8:53 | 140.145.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.121.24.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.238.32.23.in-addr.arpa | udp |
| AT | 77.73.134.68:80 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 8.8.8.8:53 | 86.8.109.52.in-addr.arpa | udp |
| AT | 77.73.134.68:80 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| US | 8.8.8.8:53 | 229.78.74.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.104.205.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 52.152.110.14:443 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| AT | 77.73.134.68:80 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| NL | 173.223.113.164:443 | tcp | |
| AT | 77.73.134.68:80 | tcp | |
| IE | 20.54.89.15:443 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| AT | 77.73.134.68:80 | tcp | |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| AT | 77.73.134.68:80 | tcp |