Overview

overview

10

Static

static

3

InstaIler.exe

windows10-1703-x64

10

amsvcp120.dll

windows10-1703-x64

3

dll/libEGL.dll

windows10-1703-x64

1

dll/ssleay32.dll

windows10-1703-x64

1

files/libs...re.dll

windows10-1703-x64

3

files/libs/libEGL.dll

windows10-1703-x64

1

files/libs...32.dll

windows10-1703-x64

1

files/libs...20.dll

windows10-1703-x64

3

files/libs...20.dll

windows10-1703-x64

3

files/libs...sw.dll

windows10-1703-x64

1

files/libs...32.dll

windows10-1703-x64

1

files/libs...it.dll

windows10-1703-x64

1

files/libs/wsepno.dll

windows10-1703-x64

1

files/libs/wshbth.dll

windows10-1703-x64

1

files/libs/wshcon.dll

windows10-1703-x64

7

Resubmissions

25-04-2024 16:33

240425-t2tb1sce7t 3

25-04-2024 16:27

240425-tylg1acf24 10

Analysis

  • max time kernel
    114s
  • max time network
    137s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-04-2024 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InstaIler.exe

  • Size

    30.5MB

  • MD5

    7f61125e107a2eb59123e61c9d5b5f5d

  • SHA1

    b60da27ecd514fbf99532172c86c84eb0cf23545

  • SHA256

    ebc797951823825f6fdf926dcd5d235f74df9069989baec669a13c500e751782

  • SHA512

    7f09789c6a79df1305a3c78e20a79bee589b2bafc8273b3e086bc1166a5bdeb91948640832774477922c664863418c440fd4849561d08551d5ab6e0d1acd8e51

  • SSDEEP

    196608:/ZS4A1fXbeokrAALKKI7IrfPme6Gy0pZXEh3eEB:RwfXbCrdKXsw0pZXi3B

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://peanuearthflaxes.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\InstaIler.exe
    "C:\Users\Admin\AppData\Local\Temp\InstaIler.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:616
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      2⤵
        PID:1352

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/616-4-0x00007FF6AC3E0000-0x00007FF6AE312000-memory.dmp

      Filesize

      31.2MB

      Download

    • memory/616-8-0x00007FF6AC3E0000-0x00007FF6AE312000-memory.dmp

      Filesize

      31.2MB

      Download

    • memory/1352-5-0x0000000003080000-0x00000000030CE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1352-7-0x0000000003080000-0x00000000030CE000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1352-9-0x0000000003080000-0x00000000030CE000-memory.dmp

      Filesize

      312KB

      Download