Analysis

  • max time kernel
    190s
  • max time network
    299s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04-07-2024 22:46

General

  • Target

    cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe

  • Size

    6.3MB

  • MD5

    bd2eac64cbded877608468d86786594a

  • SHA1

    778ad44afd5629f0a5b3b7df9d6f02522ae94d91

  • SHA256

    cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad

  • SHA512

    3c8f43045f27addcb5fb23807c2ce1d3f247cc30dd1596134a141b0bbc7fa4d30d138791214d939dc4f34fd925b9ec450ea340e5871e2f4f64844226ed394312

  • SSDEEP

    98304:LqhZ67opwYckx35SF2XKgxVvHuCPU8GSbO3JAXV1LrA+ZlL9CxpzTp2:LgErupSgKORuCT43JeV1LE+/s3p

Malware Config

Extracted

Family

lumma

C2

https://foodypannyjsud.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe
    "C:\Users\Admin\AppData\Local\Temp\cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4260-0-0x00000000013A0000-0x0000000001D40000-memory.dmp

    Filesize

    9.6MB