Malware Analysis Report

2025-06-15 19:52

Sample ID 240115-flm86sagc8
Target c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200
SHA256 c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200
Tags lumma stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200

Threat Level: Known bad

The file c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200 was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Program crash

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-15 04:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-15 04:57

Reported

2024-01-15 05:02

Platform

win7-20231215-en

Max time kernel

117s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200.exe

"C:\Users\Admin\AppData\Local\Temp\c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200.exe"

Network

N/A

Files

memory/1696-0-0x0000000000BA0000-0x000000000160B000-memory.dmp

memory/1696-4-0x0000000000BA0000-0x000000000160B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-15 04:57

Reported

2024-01-15 05:02

Platform

win10-20231220-en

Max time kernel

292s

Max time network

302s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200.exe

"C:\Users\Admin\AppData\Local\Temp\c807510b37c8650a2a2df4d6965f19be2681b68415e25770b31a098d60dd5200.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 660

Network

Country  Destination        Domain                        Proto
US       8.8.8.8:53         maskmusicalproplemanw.pw      udp
US       8.8.8.8:53         goddirtybrilliancece.fun      udp
US       172.67.204.58:443  goddirtybrilliancece.fun      tcp
US       8.8.8.8:53         58.204.67.172.in-addr.arpa    udp
US       8.8.8.8:53         43.229.111.52.in-addr.arpa    udp
US       8.8.8.8:53         180.178.17.96.in-addr.arpa    udp
US       8.8.8.8:53         89.65.42.20.in-addr.arpa      udp
US       8.8.8.8:53         194.178.17.96.in-addr.arpa    udp

Files

memory/3704-0-0x0000000000EB0000-0x000000000191B000-memory.dmp

memory/3704-7-0x0000000000960000-0x0000000000961000-memory.dmp

memory/3704-6-0x0000000000960000-0x0000000000961000-memory.dmp

memory/3704-5-0x0000000000960000-0x0000000000961000-memory.dmp

memory/3704-4-0x0000000000EB0000-0x000000000191B000-memory.dmp