Analysis
-
max time kernel
190s -
max time network
299s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system -
submitted
04-07-2024 22:46
Static task
static1
Behavioral task
behavioral1
Sample
cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe
Resource
win7-20240704-en
General
-
Target
cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe
-
Size
6.3MB
-
MD5
bd2eac64cbded877608468d86786594a
-
SHA1
778ad44afd5629f0a5b3b7df9d6f02522ae94d91
-
SHA256
cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad
-
SHA512
3c8f43045f27addcb5fb23807c2ce1d3f247cc30dd1596134a141b0bbc7fa4d30d138791214d939dc4f34fd925b9ec450ea340e5871e2f4f64844226ed394312
-
SSDEEP
98304:LqhZ67opwYckx35SF2XKgxVvHuCPU8GSbO3JAXV1LrA+ZlL9CxpzTp2:LgErupSgKORuCT43JeV1LE+/s3p
Malware Config
Extracted
lumma
https://foodypannyjsud.shop/api
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exepid process 4260 cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe 4260 cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe 4260 cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe 4260 cae992788853230af91501546f6ead07cfd767cb8429c98a273093a90bbcb5ad.exe