lumma | 9593415e3c59bccf5b942204c21bf3b60b727868cd9bbd28efa10b045f838d7f | Triage

Submit
Reports

Overview

overview

Static

static

3

valoskin/h...er.exe

windows7-x64

1

valoskin/h...er.exe

windows10-2004-x64

1

valoskin/spoofer.exe

windows7-x64

3

valoskin/spoofer.exe

windows10-2004-x64

valoskin/test.dll

windows7-x64

1

valoskin/test.dll

windows10-2004-x64

7

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 03:32

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

valoskin/hookloader.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

valoskin/hookloader.exe

Resource

win10v2004-20240221-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

valoskin/spoofer.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

valoskin/spoofer.exe

Resource

win10v2004-20240221-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

valoskin/test.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

valoskin/test.dll

Resource

win10v2004-20240221-en

windows10-2004-x64

13 signatures

150 seconds

Report Analysis Logs

General

Target

valoskin/spoofer.exe
Size

425KB
MD5

168d7b4ca5c63b61d5f48f0911868b2c
SHA1

daf966bd0ac55c862ce5574ee7d5420123ac94e4
SHA256

601c05bd2d1c908d123dac33d1c15552c138acb294124cbdd86b12c9f35e2655
SHA512

da5ebb40849fedafc5a3ac7c48a0142c6eb5ccefe788b6c07491a757aa9e9b4f3d8b76e1dacf0600a833aade05c309b9661e8fd40080d4ba8f4cf4ea3d59900f
SSDEEP

12288:jLJ/KPJxO9j7MIFyKz3mBEP5KpPbDC0dGhKcYtmS2:jcPYsIUOwtb1whlt

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Processes

C:\Users\Admin\AppData\Local\Temp\valoskin\spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\valoskin\spoofer.exe"
1⤵
PID:3544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3544-0-0x0000000002EA0000-0x0000000002EE9000-memory.dmp

Filesize
292KB

Download
memory/3544-5-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/3544-6-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/3544-7-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/3544-8-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/3544-9-0x0000000002EA0000-0x0000000002EE9000-memory.dmp

Filesize
292KB

Download

© 2018-2025

Terms | Privacy