Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-04-2024 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce16cbc6db5b31a2aa80bf0df8f8730b8d9d16b0a495313a4ce5ceb72521f6fb.exe

  • Size

    399KB

  • MD5

    74e946b1aae970cdd7c899628a5701dc

  • SHA1

    07aaa4cc73ce094236a062778b1c507297fe9e67

  • SHA256

    ce16cbc6db5b31a2aa80bf0df8f8730b8d9d16b0a495313a4ce5ceb72521f6fb

  • SHA512

    6453efdde27efed3b0a57175b821196f8653ef3760d62b850134bbc6f84f33adf40d74a63d3cb25f73f32e1be2db638dd82d46f9925d03ccf181e8146c717e4a

  • SSDEEP

    6144:SpH8a7OCjVTk/hzF82yGpf+YSyFm+ocNKe1Kyl:Sh8anUWnHYSyFpLl

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://strollheavengwu.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce16cbc6db5b31a2aa80bf0df8f8730b8d9d16b0a495313a4ce5ceb72521f6fb.exe
    "C:\Users\Admin\AppData\Local\Temp\ce16cbc6db5b31a2aa80bf0df8f8730b8d9d16b0a495313a4ce5ceb72521f6fb.exe"
    1⤵
      PID:4820
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 1120
        2⤵
        • Program crash
        PID:2576
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4820 -ip 4820
      1⤵
        PID:1280

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4820-2-0x0000000003690000-0x00000000036DB000-memory.dmp
        Filesize

        300KB

        Download
      • memory/4820-1-0x0000000001AE0000-0x0000000001BE0000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/4820-3-0x0000000000400000-0x0000000001A2F000-memory.dmp
        Filesize

        22.2MB

        Download