Malware Analysis Report

2025-08-06 00:52

Sample ID 230430-ta7qbsca3s
Target 81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21
SHA256 81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21
Tags
lumma discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V6
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21

Threat Level: Known bad

The file 81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21 was found to be: Known bad.

Malicious Activity Summary

lumma discovery spyware stealer

Detect Lumma Stealer payload V2

Lumma family

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-30 15:52

Signatures

Detect Lumma Stealer payload V2

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Lumma family

lumma

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A
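
The static signature "Unsigned PE" above says only that the sample carries no embedded Authenticode signature. The check below is an added example written for this page, not the sandbox's own signature logic: it parses the PE headers in pure Python and reads data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY), whose file offset and size locate the Attribute Certificate Table. build_minimal_pe is a constructed fixture (a header-only PE32+ image) so the example runs without the sample itself; point the script at a real file to test it.

```python
"""Added example (not the sandbox's own check): decide whether a PE file
carries an embedded Authenticode signature by reading the security data
directory. A missing or empty entry is what the static 'Unsigned PE'
signature reports."""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the Attribute Certificate Table


def _parse_security_directory(data):
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32: NumberOfRvaAndSizes at +92, directories at +96
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, count_off)[0]
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # The entry must exist and lie inside the optional header as declared.
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + opt_size:
        return None
    # Unlike other directories, this entry holds a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, entry)
    if offset == 0 or size == 0 or offset + size > len(data):
        return None               # absent, or pointing past the end (truncated file)
    return offset, size


def authenticode_directory(data):
    """Return (file_offset, size) of the certificate table, or None if the
    image has no usable entry. Raises ValueError for non-PE or truncated input."""
    try:
        return _parse_security_directory(data)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc


def is_unsigned(data):
    """True when no embedded signature blob is present (says nothing about validity)."""
    return authenticode_directory(data) is None


def build_minimal_pe(cert_size=0):
    """Constructed fixture: a header-only PE32+ image, optionally followed by
    cert_size zero bytes that the security directory points at."""
    n_dirs = 16
    opt_size = 112 + 8 * n_dirs                      # fixed PE32+ part + 16 directories
    headers_len = 64 + 4 + 20 + opt_size             # DOS header + "PE\0\0" + COFF + optional
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x22)
    dirs = [(0, 0)] * n_dirs
    if cert_size:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (headers_len, cert_size)
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", n_dirs)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    return dos + b"PE\0\0" + coff + opt + b"\0" * cert_size


if __name__ == "__main__":
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    if is_unsigned(target):
        print("unsigned: no Attribute Certificate Table")
    else:
        print("certificate table at %#x (%d bytes)" % authenticode_directory(target))
```

A present certificate table is not a valid signature: the blob may be self-signed, expired, revoked, or no longer match the file. To validate, use signtool verify /pa or PowerShell's Get-AuthenticodeSignature. Catalog-signed Windows binaries have no embedded table yet are signed, and plenty of legitimate third-party tools are unsigned, so this check is a triage signal, which is how the report uses it.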

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-30 15:52

Reported

2023-04-30 15:55

Platform

win7-20230220-en

Max time kernel

136s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe

"C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe"

Network

Country  Destination        Domain  Proto
AT       77.73.134.68:80    -       tcp
AT       77.73.134.68:80    -       tcp
AT       77.73.134.68:80    -       tcp
AT       77.73.134.68:80    -       tcp
AT       77.73.134.68:80    -       tcp
AT       77.73.134.68:80    -       tcp
AT       77.73.134.68:80    -       tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-30 15:52

Reported

2023-04-30 15:55

Platform

win10v2004-20230220-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe

"C:\Users\Admin\AppData\Local\Temp\81b16b8e152322da3b81e7703e430c77d3f06e53b0ba24a5a82e0c3e371c9a21.exe"

Network

Country  Destination           Domain                         Proto
AT       77.73.134.68:80       -                              tcp
US       8.8.8.8:53            217.106.137.52.in-addr.arpa    udp
US       8.8.8.8:53            126.151.241.8.in-addr.arpa     udp
AT       77.73.134.68:80       -                              tcp
FR       40.79.141.153:443     -                              tcp
US       52.152.110.14:443     -                              tcp
US       8.8.8.8:53            140.145.190.20.in-addr.arpa    udp
US       8.8.8.8:53            134.121.24.20.in-addr.arpa     udp
US       8.8.8.8:53            97.238.32.23.in-addr.arpa      udp
AT       77.73.134.68:80       -                              tcp
US       52.152.110.14:443     -                              tcp
US       8.8.8.8:53            86.8.109.52.in-addr.arpa       udp
AT       77.73.134.68:80       -                              tcp
US       209.197.3.8:80        -                              tcp
US       8.8.8.8:53            229.78.74.40.in-addr.arpa      udp
US       8.8.8.8:53            58.104.205.20.in-addr.arpa     udp
US       8.8.8.8:53            95.221.229.192.in-addr.arpa    udp
US       52.152.110.14:443     -                              tcp
US       209.197.3.8:80        -                              tcp
AT       77.73.134.68:80       -                              tcp
US       52.152.110.14:443     -                              tcp
NL       173.223.113.164:443   -                              tcp
AT       77.73.134.68:80       -                              tcp
IE       20.54.89.15:443       -                              tcp
US       8.8.8.8:53            86.23.85.13.in-addr.arpa       udp
AT       77.73.134.68:80       -                              tcp
US       8.8.8.8:53            18.31.95.13.in-addr.arpa       udp
US       8.8.8.8:53            2.36.159.162.in-addr.arpa      udp
US       8.8.8.8:53            18.31.95.13.in-addr.arpa       udp
US       8.8.8.8:53            103.169.127.40.in-addr.arpa    udp
AT       77.73.134.68:80       -                              tcp
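
The Network tables of the two detonations are the part of this report a responder acts on, and they mix sample-driven traffic with sandbox and OS background activity. The script below is an added example, not part of the sandbox report: it re-parses the rows of both runs (copied from the tables above, with "-" marking an empty Domain column), counts direct connections per run, reports the endpoints common to both detonations, and decodes the in-addr.arpa names back to the addresses the resolver looked up. Treating "seen in both runs" as the indicator of the sample's own infrastructure and "seen in one run only" as probable OS noise is an analyst heuristic, not something the report states.

```python
"""Added example (not part of the sandbox report): triage the Network tables
of the two detonations to separate sample-driven traffic from sandbox and
OS background noise. Rows are copied from the report; '-' marks an empty
Domain column."""
from collections import Counter

# Rows copied from the report's behavioral1 Network table (win7).
BEHAVIORAL1 = """\
AT 77.73.134.68:80 - tcp
AT 77.73.134.68:80 - tcp
AT 77.73.134.68:80 - tcp
AT 77.73.134.68:80 - tcp
AT 77.73.134.68:80 - tcp
AT 77.73.134.68:80 - tcp
AT 77.73.134.68:80 - tcp
"""

# Rows copied from the report's behavioral2 Network table (win10v2004).
BEHAVIORAL2 = """\
AT 77.73.134.68:80 - tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 126.151.241.8.in-addr.arpa udp
AT 77.73.134.68:80 - tcp
FR 40.79.141.153:443 - tcp
US 52.152.110.14:443 - tcp
US 8.8.8.8:53 140.145.190.20.in-addr.arpa udp
US 8.8.8.8:53 134.121.24.20.in-addr.arpa udp
US 8.8.8.8:53 97.238.32.23.in-addr.arpa udp
AT 77.73.134.68:80 - tcp
US 52.152.110.14:443 - tcp
US 8.8.8.8:53 86.8.109.52.in-addr.arpa udp
AT 77.73.134.68:80 - tcp
US 209.197.3.8:80 - tcp
US 8.8.8.8:53 229.78.74.40.in-addr.arpa udp
US 8.8.8.8:53 58.104.205.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 52.152.110.14:443 - tcp
US 209.197.3.8:80 - tcp
AT 77.73.134.68:80 - tcp
US 52.152.110.14:443 - tcp
NL 173.223.113.164:443 - tcp
AT 77.73.134.68:80 - tcp
IE 20.54.89.15:443 - tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
AT 77.73.134.68:80 - tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
AT 77.73.134.68:80 - tcp
"""


def parse_rows(table):
    """Parse 'Country Destination [Domain] Proto' rows; '-' or a missing
    Domain field means a bare connection with no name attached."""
    rows = []
    for line in table.splitlines():
        f = line.split()
        if len(f) == 3:
            f.insert(2, "-")
        if len(f) != 4 or ":" not in f[1]:
            continue                                  # header or blank line
        country, dest, domain, proto = f
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": "" if domain == "-" else domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """Undo a reverse-lookup name: '217.106.137.52.in-addr.arpa' -> '52.137.106.217'."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    return ".".join(reversed(name[:-len(suffix)].split(".")))


def triage(run_a, run_b):
    """Count direct connections per run, report endpoints common to both
    detonations (candidates for the sample's own infrastructure) and the
    addresses the OS resolver looked up via PTR queries."""
    def endpoints(rows):
        return Counter(f"{r['ip']}:{r['port']}/{r['proto']}" for r in rows if not r["domain"])
    a, b = endpoints(run_a), endpoints(run_b)
    ptr = {ptr_to_ip(r["domain"]) for r in run_a + run_b if r["domain"]} - {None}
    return {"shared": set(a) & set(b), "only_a": set(a) - set(b), "only_b": set(b) - set(a),
            "count_a": a, "count_b": b, "ptr_targets": sorted(ptr)}


if __name__ == "__main__":
    result = triage(parse_rows(BEHAVIORAL1), parse_rows(BEHAVIORAL2))
    for key in ("shared", "only_a", "only_b", "ptr_targets"):
        print(f"{key}: {sorted(result[key])}")
```

Run over these tables, the only endpoint both detonations contact is 77.73.134.68:80 over plain TCP, seven times on Windows 7 and eight times on Windows 10, with no domain recorded. Everything else appears only in the Windows 10 run: a handful of 443 connections and PTR lookups through 8.8.8.8 for addresses the sample never connects to, which is the pattern of OS background activity rather than stealer traffic. That makes 77.73.134.68:80 the candidate for the sample's command-and-control and the indicator worth blocking and hunting for; the report itself records no HTTP content for it, so the C2 role is an inference from the tables, not a confirmed finding.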

Files

N/A