Overview

overview

10

Static

static

3

Voicemod.V2.48.7z

windows7-x64

3

Voicemod.V2.48.7z

windows10-2004-x64

3

Voicemod V2.48.7z

windows7-x64

3

Voicemod V2.48.7z

windows10-2004-x64

3

Voicemod V...ICENSE

windows7-x64

1

Voicemod V...ICENSE

windows10-2004-x64

1

Voicemod V...64.dll

windows7-x64

1

Voicemod V...64.dll

windows10-2004-x64

1

Voicemod V...up.exe

windows7-x64

3

Voicemod V...up.exe

windows10-2004-x64

10

Voicemod V...in.css

windows7-x64

3

Voicemod V...in.css

windows10-2004-x64

7

Voicemod V...a3.bin

windows7-x64

3

Voicemod V...a3.bin

windows10-2004-x64

3

Voicemod V...re.dll

windows10-2004-x64

1

Voicemod V...lp.dll

windows10-2004-x64

1

Voicemod V...lt.css

windows7-x64

3

Voicemod V...lt.css

windows10-2004-x64

7

Voicemod V...er.dll

windows7-x64

1

Voicemod V...er.dll

windows10-2004-x64

1

Voicemod V...GL.dll

windows7-x64

1

Voicemod V...GL.dll

windows10-2004-x64

1

Voicemod V...v2.dll

windows7-x64

1

Voicemod V...v2.dll

windows10-2004-x64

1

Voicemod V...ad.dll

windows7-x64

1

Voicemod V...ad.dll

windows10-2004-x64

1

Voicemod V...at.dll

windows7-x64

1

Voicemod V...at.dll

windows10-2004-x64

1

Voicemod V...ad.dll

windows7-x64

1

Voicemod V...ad.dll

windows10-2004-x64

1

Voicemod V...64.dll

windows7-x64

1

Voicemod V...64.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    157s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 00:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Voicemod V2.48/VoicemodSetup.exe

  • Size

    493KB

  • MD5

    bf8be626b9b471fa8d28a8eaf8a318f9

  • SHA1

    d0b706240de97d48fd5442332c712db171d545b5

  • SHA256

    a079900bde437ddbcffacc5d40dcce4ce383699f9d2fa0a4cf43ba4de601e512

  • SHA512

    8da64569135c48b306fac8ae9c9b2daaa0bfa05bcf99605a1dedb4653c983a3ad0465b5f5291a73badba2394b0b34c221bb93ba15aa6a527c8d034fffcbc0bf1

  • SSDEEP

    12288:+0zit5bNErysNGJunuh30tXd2n50V+srAWSmGaFoCe:PitBNY4onuhqd20dkwuR

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://mazefearcontainujsy.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Voicemod V2.48\VoicemodSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\Voicemod V2.48\VoicemodSetup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:3564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3736 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1728

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2564-0-0x0000000000C90000-0x0000000000D0F000-memory.dmp
        Filesize

        508KB

        Download
      • memory/2564-2-0x0000000000C90000-0x0000000000D0F000-memory.dmp
        Filesize

        508KB

        Download
      • memory/3564-1-0x0000000000400000-0x0000000000450000-memory.dmp
        Filesize

        320KB

        Download
      • memory/3564-4-0x0000000000400000-0x0000000000450000-memory.dmp
        Filesize

        320KB

        Download
      • memory/3564-5-0x0000000000400000-0x0000000000450000-memory.dmp
        Filesize

        320KB

        Download
      • memory/3564-6-0x0000000000400000-0x0000000000450000-memory.dmp
        Filesize

        320KB

        Download