Overview

overview

10

Static

static

3

bot/bot.exe

windows10-2004-x64

10

Resubmissions

23-05-2024 18:25

240523-w2k2rabg4y 3

23-05-2024 18:23

240523-w1f2eabf9x 10

Analysis

  • max time kernel
    10s
  • max time network
    12s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 18:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bot/bot.exe

  • Size

    462KB

  • MD5

    b2ebffa185fd884b6c5b5ac5fdf0d1f9

  • SHA1

    cf43cd203b3e68afd34f365c5d9e0a518b772ad5

  • SHA256

    d7d6b4b6c1ba7ae8f2080167b80e6a8e3f73a3ca032b99be8449c3086ba7a8d6

  • SHA512

    36fa92051293dd135c856665ecd26e51d300a9ded0a6ef5bb7b413456e867f5ab36595ef4afe524030f398ae62dbf563c53a4a316786fc8ef69366ec79562515

  • SSDEEP

    12288:I3/SNR/DwobrGEGRW6QZpNCpIa4cHDKU:I63ZrBAzoaph4ce

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://chunkylopsidedwos.shop/api

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bot\bot.exe
    "C:\Users\Admin\AppData\Local\Temp\bot\bot.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:2000
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
          PID:4076

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1048-1-0x0000000002C40000-0x0000000002C41000-memory.dmp
        Filesize

        4KB

        Download
      • memory/4076-0-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download
      • memory/4076-3-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download
      • memory/4076-4-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download
      • memory/4076-5-0x0000000000400000-0x0000000000458000-memory.dmp
        Filesize

        352KB

        Download