Overview

overview

10

Static

static

1

Launcher.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    11s
  • max time network
    15s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-04-2024 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Launcher.exe

  • Size

    2.2MB

  • MD5

    66390f8f3d682210f7f2e09f79643e0d

  • SHA1

    00a679727077418bac0327cdf20554e245568bb1

  • SHA256

    1d0083e70c2806953191f40d4481c199e5fb3e17f46676bd34e0d940ed0d8ffc

  • SHA512

    50cf9004aec55f5c80bf057fe72181356a018d8d1ec88b09e9eee2091938f554fbe5248c843b5a6bc0e5c9c81e793e13687855b731a3c75e6ccf344b4c84ad2e

  • SSDEEP

    24576:1CKFsWpxSRyVdplXKP9bsK2JkAvuMdMbM/n:5xSRyVdpl6tsXGAGJW

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4140
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:1300

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1300-0-0x0000000000400000-0x000000000044F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/1300-3-0x0000000000400000-0x000000000044F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/1300-4-0x0000000000400000-0x000000000044F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/1300-5-0x0000000000400000-0x000000000044F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/4140-2-0x0000000000120000-0x000000000024F000-memory.dmp
      Filesize

      1.2MB

      Download