Overview

overview

10

Static

static

3

3f843f9cf9...47.exe

windows7-x64

1

3f843f9cf9...47.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    4s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-03-2024 02:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.exe

  • Size

    319KB

  • MD5

    30732747ca33bd37a757c90aada0c604

  • SHA1

    b175606037f75bc349b5221aa999334d961c471b

  • SHA256

    3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047

  • SHA512

    a672d0d573a3cb2fcb06db975ae3d34ae820f7c14c8e6ce24a1d63da511ff7bb3aaeb331026441729e3def6a9625e444b36e6b2a7d76072ebf08a6e5416980a1

  • SSDEEP

    6144:DuTgT9kw0NZk9gAGkgAcYjd56miof1AjoM0kkrBS9F:JTKw4ZWg6cYjd55ih8RkkrAF

Score
10/10
lummaspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://wagonglidemonkywo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.exe
    "C:\Users\Admin\AppData\Local\Temp\3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1320
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2292 --field-trial-handle=2260,i,4762972005863767630,9297428255150568035,262144 --variations-seed-version /prefetch:3
    1⤵
      PID:1292

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

      Download Submit

    • memory/1320-15-0x0000000000790000-0x0000000000890000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1320-33-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-14-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-5-0x0000000000400000-0x0000000000553000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1320-6-0x0000000000750000-0x0000000000782000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1320-7-0x0000000000750000-0x0000000000782000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1320-8-0x0000000000750000-0x0000000000782000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1320-9-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-10-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-11-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-12-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-13-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-4-0x0000000000400000-0x0000000000553000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1320-3-0x0000000000400000-0x0000000000553000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1320-24-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-17-0x0000000000700000-0x000000000074A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/1320-18-0x0000000000750000-0x0000000000782000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1320-19-0x0000000000750000-0x0000000000782000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1320-20-0x0000000000750000-0x0000000000782000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1320-21-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-23-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-16-0x0000000000400000-0x0000000000553000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1320-25-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-22-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-26-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1320-2-0x0000000000700000-0x000000000074A000-memory.dmp

      Filesize

      296KB

      Download

    • memory/1320-1-0x0000000000790000-0x0000000000890000-memory.dmp

      Filesize

      1024KB

      Download