Malware Analysis Report

2024-11-15 06:19

Sample ID: 240227-fg8djsgf62
Target: d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6
SHA256: d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6
Tags: lumma stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10
SHA256: d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6
Threat Level: Known bad

The file d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6 was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-02-27 04:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-27 04:51
Reported: 2024-02-27 04:56
Platform: win7-20240221-en
Max time kernel: 118s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6.exe

"C:\Users\Admin\AppData\Local\Temp\d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6.exe"

Network

N/A

Files

memory/2116-1-0x0000000002470000-0x0000000002570000-memory.dmp

memory/2116-3-0x0000000000220000-0x0000000000266000-memory.dmp

memory/2116-4-0x0000000000270000-0x0000000000271000-memory.dmp

memory/2116-2-0x0000000000400000-0x00000000022ED000-memory.dmp

memory/2116-5-0x0000000000400000-0x00000000022ED000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-02-27 04:51
Reported: 2024-02-27 04:56
Platform: win10-20240221-en
Max time kernel: 195s
Max time network: 300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6.exe"

Signatures

Lumma Stealer

stealer lumma

Processes

C:\Users\Admin\AppData\Local\Temp\d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6.exe

"C:\Users\Admin\AppData\Local\Temp\d02a1d9bb677dba25254aaac415b8f43e91d0bee4d3a26748c61f87fc5b3ada6.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 associationokeo.shop udp
US 104.21.10.242:443 associationokeo.shop tcp
US 8.8.8.8:53 technologyenterdo.shop udp
US 172.67.180.132:443 technologyenterdo.shop tcp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 detectordiscusser.shop udp
US 104.21.60.92:443 detectordiscusser.shop tcp
US 8.8.8.8:53 242.10.21.104.in-addr.arpa udp
US 8.8.8.8:53 132.180.67.172.in-addr.arpa udp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 92.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 191.202.67.172.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp

Files

memory/2188-1-0x0000000002500000-0x0000000002600000-memory.dmp

memory/2188-4-0x0000000002430000-0x0000000002431000-memory.dmp

memory/2188-3-0x0000000002470000-0x00000000024B6000-memory.dmp

memory/2188-2-0x0000000002470000-0x00000000024B6000-memory.dmp

memory/2188-5-0x0000000000400000-0x00000000022ED000-memory.dmp