Analysis
-
max time kernel
149s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
19-04-2024 19:13
General
-
Target
8bbe1dd7cf20f807e3d903a1b5f02f8eff44f08c4ef4bbf562cb7b5f8a0c3f14.exe
-
Size
414KB
-
MD5
4a6481f75a90dc2afd531c91afb5be68
-
SHA1
59d73658150e32cdddf562e23cca08d747333f06
-
SHA256
8bbe1dd7cf20f807e3d903a1b5f02f8eff44f08c4ef4bbf562cb7b5f8a0c3f14
-
SHA512
f204841c937460336641c3627c4c2ec2f977d25dcf2d3158da209f3f9d7b3cd0cdf1eacee633fb9e5c9117e72e24433c736ecf51be92dcdd280625b2ebab5cb0
-
SSDEEP
6144:RgNPoTkniME5KY7yeLJlsbePScjTKvO3cZDBk3:RgNPLniMEUYxX8iScyW3cZDBM
Malware Config
Extracted
lumma
https://accountasifkwosov.shop/api
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8bbe1dd7cf20f807e3d903a1b5f02f8eff44f08c4ef4bbf562cb7b5f8a0c3f14.exe"C:\Users\Admin\AppData\Local\Temp\8bbe1dd7cf20f807e3d903a1b5f02f8eff44f08c4ef4bbf562cb7b5f8a0c3f14.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 11602⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2792 -ip 27921⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2792-1-0x0000000001A40000-0x0000000001B40000-memory.dmpFilesize
1024KB
-
memory/2792-2-0x0000000003770000-0x00000000037BE000-memory.dmpFilesize
312KB
-
memory/2792-3-0x0000000000400000-0x0000000001A32000-memory.dmpFilesize
22.2MB
-
memory/2792-4-0x0000000000400000-0x0000000001A32000-memory.dmpFilesize
22.2MB
-
memory/2792-5-0x0000000003770000-0x00000000037BE000-memory.dmpFilesize
312KB