lumma | 5525161daf624a9f7698322829334001cc92df2b9fd8a40456704db98986bc70

Analysis

max time kernel
1777s
max time network
1171s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

C0dex.exe
Size

21.5MB
MD5

5c365e7b25f8cf72e1914c9c79f188a3
SHA1

f6d976a091bf7301c2fd0aecd60e9f1570a5320b
SHA256

5525161daf624a9f7698322829334001cc92df2b9fd8a40456704db98986bc70
SHA512

f7f62bd6b719a64a82a97dd98ff7ca197346e716dee090b8a650ef9785173edc9cd2da6a8dba01a532c2bc29456e3f54ef0dc95c8f3487bb2b48ee6a89cae89c
SSDEEP

98304:DBwHP2Xz1zDM4++cYoFNOSN9jy7FtPQyylkGjPEyivEY3FfN:Df1XM4++Vovvjy7FRxylkGwyEN

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://hushedsombkereos.shop/api

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2656 set thread context of 4652	2656	C0dex.exe	95

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 4652	2656	C0dex.exe	95
PID 2656 wrote to memory of 4652	2656	C0dex.exe	95
PID 2656 wrote to memory of 4652	2656	C0dex.exe	95
PID 2656 wrote to memory of 4652	2656	C0dex.exe	95
PID 2656 wrote to memory of 4652	2656	C0dex.exe	95

C:\Users\Admin\AppData\Local\Temp\C0dex.exe
"C:\Users\Admin\AppData\Local\Temp\C0dex.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  2⤵
  PID:4652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2656-2-0x00007FF6ADCC0000-0x00007FF6AF2BC000-memory.dmp

Filesize
22.0MB

Download
memory/2656-9-0x00007FF6ADCC0000-0x00007FF6AF2BC000-memory.dmp

Filesize
22.0MB

Download
memory/4652-5-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/4652-7-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/4652-8-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/4652-10-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download