Resubmissions

25-02-2024 11:53

240225-n2n5eaah36 10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-02-2024 11:53

General

  • Target

    EulenFiveM-main/Loader.exe

  • Size

    690KB

  • MD5

    9ed99bd8432a2265d1f5fb611213168b

  • SHA1

    e215f6bfcbc91ed8828ef54cb6840eae1dc72cd0

  • SHA256

    dde02744526968833651a9f70be666ceec221599b03272c9c5fc5d729667dd72

  • SHA512

    f75b9ad6823ae8c4e4f5c84202893ba60c9256853d8b3924d47d59a1668e979e485a920b43414b470c5e5fd02975ff81edea3c9a2ed3a16140c13170224f2f28

  • SSDEEP

    12288:snlipr+FaVITo35RRLyAuilkjA/xZGHr9W8aSt2kTNvif8jedCLLA2Z:QipJIg5GFAp/St2qif8jMCLL1

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://gemcreedarticulateod.shop/api

https://secretionsuitcasenioise.shop/api

https://claimconcessionrebe.shop/api

https://liabilityarrangemenyit.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Program crash 1 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EulenFiveM-main\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\EulenFiveM-main\Loader.exe"
    1⤵
      PID:1756
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 1084
        2⤵
        • Program crash
        PID:2020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1756 -ip 1756
      1⤵
        PID:824
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:1560
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
          1⤵
            PID:3432

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1756-0-0x0000000000880000-0x0000000000917000-memory.dmp

            Filesize

            604KB

          • memory/1756-5-0x0000000002850000-0x0000000002851000-memory.dmp

            Filesize

            4KB

          • memory/1756-6-0x00000000026A0000-0x00000000026A1000-memory.dmp

            Filesize

            4KB

          • memory/1756-7-0x00000000026A0000-0x00000000026A1000-memory.dmp

            Filesize

            4KB

          • memory/1756-8-0x0000000000880000-0x0000000000917000-memory.dmp

            Filesize

            604KB