lumma | a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
Size

367KB
MD5

85269f246bebba3bf13422a34e35c9c6
SHA1

5d89b548a6e3dd62165595acdff29448cdcc81ff
SHA256

a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f
SHA512

a27135bab2f7fad9580e315e22ace272bfa8c01314759b783bdc52b263ba2a9fe01a6afa1f0366cfc7efdb80ca25dab18bf9f454719248d8e37fe9a3aefdb0df
SSDEEP

6144:SFD9pQcEWCcQJgC4ij/hSTrRS1g58hu+Md0bX7B:6MWCcGgC4ijwTM1g54tMd0bV

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://accountasifkwosov.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

Processes:

a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe

description	pid	process	target process
PID 3184 set thread context of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe

description	pid	process	target process
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3184 wrote to memory of 2420	3184	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe

C:\Users\Admin\AppData\Local\Temp\a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
"C:\Users\Admin\AppData\Local\Temp\a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3184

C:\Users\Admin\AppData\Local\Temp\a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
"C:\Users\Admin\AppData\Local\Temp\a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe"
2⤵
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2420-3-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2420-5-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2420-6-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2420-7-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3184-1-0x0000000002F00000-0x0000000003000000-memory.dmp

Filesize
1024KB

Download
memory/3184-2-0x00000000048A0000-0x00000000048EE000-memory.dmp

Filesize
312KB

Download