Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/02/2024, 15:49

General

  • Target
    2024-02-12_90e0dd7254ac1e29a9aa1b53b62f43c8_magniber.exe
  • Size
    7.1MB
  • MD5
    90e0dd7254ac1e29a9aa1b53b62f43c8
  • SHA1
    a9339667f013719d52910593fce5f7c005f9304f
  • SHA256
    32335f98d0cce9cf3a590f02190c3cfebbdd55061e79e2853b72c2f954593981
  • SHA512
    7e71c9fe3f789ba63af7c6df000cd1030429161184f6e5a22a073008d398a30679077941f317b77cccd69f1ea63587e209e5ac47b28a4156f6f9b35eb51ddb1f
  • SSDEEP
    98304:/t+ebVLdahr+YTRi0TGgU8oxKFK7JIhXa1PSELk/GEAUfZ82ub8GRprbGJ1y1xWo:Rh6hoeK71aELkaUfdOMeXdVlG5Fp+

Score
10/10

Malware Config

Signatures

  • Detect Lumma Stealer payload V4 1 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_90e0dd7254ac1e29a9aa1b53b62f43c8_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_90e0dd7254ac1e29a9aa1b53b62f43c8_magniber.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\AppData\Local\Temp\2024-0Cw3dh6Dd.exe
      "2024-0Cw3dh6Dd.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2296

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cfg.ini
    Filesize: 18B
    MD5: 6183fe2f41abb9c4e1dd9712dd94fad7
    SHA1: ff2de09c102d8821ffe9b113604c0d7b9d3dab27
    SHA256: d7189438c1a4551ba919780ae122faab229cca7caf6276ba52b7ec12586303fc
    SHA512: 46a7a1e3b22de6e186894a425e7d2ee1fdbf2e76dfe617a162857c941db537a40952315cff0abfce747038ea580275900daf9b01d812657b00e564bfdd681eb9
  • \Users\Admin\AppData\Local\Temp\2024-0Cw3dh6Dd.exe
    Filesize: 7.1MB
    MD5: 4d3b4da5d5fb5c0536efdc536fc98370
    SHA1: 393ba4c71d05fb4afe4d0fa7286e14a7ae57c536
    SHA256: a44f37c6625d309a35789b63800df46c5ea8f648cbb1f05b6426d6395011b392
    SHA512: 83ecf1672419dba38dabac6c091ced345f5f7ffe68de27b421c9c5558c780e27522263ec23bc9f618f763ccdf783689c1aba6496a376385e03efb4b9e1f5b739