Malware Analysis Report

2024-11-30 04:53

Sample ID 240223-fer9jsbb5v
Target 210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87
SHA256 210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87
Tags: lumma stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87

Threat Level: Known bad

The file 210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87 was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-02-23 04:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 04:47

Reported

2024-02-23 04:52

Platform

win10-20240221-en

Max time kernel

190s

Max time network

298s

Command Line

"C:\Users\Admin\AppData\Local\Temp\210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87.exe"

Signatures

Lumma Stealer

stealer lumma

Processes

C:\Users\Admin\AppData\Local\Temp\210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87.exe

"C:\Users\Admin\AppData\Local\Temp\210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87.exe"

Network


Files

memory/4656-0-0x00000000009A0000-0x00000000009A1000-memory.dmp

memory/4656-1-0x00000000009A0000-0x00000000009A1000-memory.dmp

memory/4656-2-0x00000000009A0000-0x00000000009A1000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 04:47

Reported

2024-02-23 04:52

Platform

win7-20240215-en

Max time kernel

120s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87.exe

"C:\Users\Admin\AppData\Local\Temp\210089624720b3e282b0fc7745ca60181ea404af7d5ca869d067093e57b56e87.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 124

Network

N/A

Files

memory/2208-0-0x0000000000070000-0x0000000000071000-memory.dmp