lumma | 353ed3726f653a8e19c5c1511088ae21f3673d992a1781c100dec7e8418a7fc8

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 02:15

Target

file.exe
Size

5.9MB
MD5

817c11005ca185252e666c25769a2591
SHA1

e52ec29d0e10c63b378b919fa1f5839b714be07c
SHA256

353ed3726f653a8e19c5c1511088ae21f3673d992a1781c100dec7e8418a7fc8
SHA512

b7cb060c4cabbb926e8a40adf797f9b082f6bac87a97b984aa6a636d82cf873b5657026b43d17359ffa1cee1f9eacced591f6c03e747b3d63090a4bc3d0fbf9b
SSDEEP

49152:W/Ce4+1N237v0gM68DXYDqwLvws0EdRGtVpT1kTNkbNbQWSxR9DzNJyEv5j/ujOJ:je4PLs6VKOQpyJWSxR9vBEAm8dJT1

Score

10^/10

lumma stealer

Family

lumma

https://stripmarrystresew.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

file.exe

description pid process target process

PID 3264 set thread context of 2404 3264 file.exe BitLockerToGo.exe

description	pid	process	target process
PID 3264 set thread context of 2404	3264	file.exe	BitLockerToGo.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

file.exe

description	pid	process	target process
PID 3264 wrote to memory of 2404	3264	file.exe	BitLockerToGo.exe
PID 3264 wrote to memory of 2404	3264	file.exe	BitLockerToGo.exe
PID 3264 wrote to memory of 2404	3264	file.exe	BitLockerToGo.exe
PID 3264 wrote to memory of 2404	3264	file.exe	BitLockerToGo.exe
PID 3264 wrote to memory of 2404	3264	file.exe	BitLockerToGo.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  2⤵
  PID:2404

memory/2404-5-0x0000000000310000-0x000000000035F000-memory.dmp

Filesize
316KB

Download
memory/2404-8-0x0000000000310000-0x000000000035F000-memory.dmp

Filesize
316KB

Download
memory/2404-9-0x0000000000310000-0x000000000035F000-memory.dmp

Filesize
316KB

Download
memory/2404-10-0x0000000000310000-0x000000000035F000-memory.dmp

Filesize
316KB

Download
memory/3264-4-0x00007FF727FD0000-0x00007FF728613000-memory.dmp

Filesize
6.3MB

Download
memory/3264-6-0x00007FF727FD0000-0x00007FF728613000-memory.dmp

Filesize
6.3MB

Download