Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 09:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    793837f29197681a2e6e6855f2fa481613f6c0cfffd584aac29b2a28f7035421.exe

  • Size

    420KB

  • MD5

    80c7a1b74e30c09dd9196a875def47bc

  • SHA1

    475e5c78dcfca78d55faad5d3243af95a0bfc384

  • SHA256

    793837f29197681a2e6e6855f2fa481613f6c0cfffd584aac29b2a28f7035421

  • SHA512

    24a0a94ef250b3aa5c443799103dfc07d616242d4935cf99a1374feea711edf0ebd4fb99264bb8e69263fd207e9078f8d752faf4e861580c310bbc3aa0e36b0a

  • SSDEEP

    6144:faimi6wSBhpBVuLXjmtwlwYd3vQ8xxXh2IECc:faimi6wSBbYX5wYq8xOt

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://strollheavengwu.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\793837f29197681a2e6e6855f2fa481613f6c0cfffd584aac29b2a28f7035421.exe
    "C:\Users\Admin\AppData\Local\Temp\793837f29197681a2e6e6855f2fa481613f6c0cfffd584aac29b2a28f7035421.exe"
    1⤵
      PID:2404
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 1116
        2⤵
        • Program crash
        PID:780
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2404 -ip 2404
      1⤵
        PID:888

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2404-1-0x0000000004150000-0x0000000004250000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/2404-2-0x00000000044C0000-0x000000000450B000-memory.dmp
        Filesize

        300KB

        Download
      • memory/2404-3-0x0000000000400000-0x000000000405C000-memory.dmp
        Filesize

        60.4MB

        Download
      • memory/2404-4-0x00000000044C0000-0x000000000450B000-memory.dmp
        Filesize

        300KB

        Download