Analysis Overview
SHA256
695068e6b6d7fe332fb683ea0c72932e43ddcbd320fd6cab05ce7531ba1a5373
Threat Level: Known bad
The file 695068e6b6d7fe332fb683ea0c72932e43ddcbd320fd6cab05ce7531ba1a5373 was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-09 08:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-09 08:56
Reported
2024-07-09 08:59
Platform
win10v2004-20240708-en
Max time kernel
92s
Max time network
94s
Command Line
Signatures
Lumma Stealer
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\695068e6b6d7fe332fb683ea0c72932e43ddcbd320fd6cab05ce7531ba1a5373.exe
"C:\Users\Admin\AppData\Local\Temp\695068e6b6d7fe332fb683ea0c72932e43ddcbd320fd6cab05ce7531ba1a5373.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stationacutwo.shop | udp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 8.8.8.8:53 | 239.172.67.172.in-addr.arpa | udp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-09 08:56
Reported
2024-07-09 08:59
Platform
win11-20240704-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious behavior: EnumeratesProcesses
Processes
C:\Users\Admin\AppData\Local\Temp\695068e6b6d7fe332fb683ea0c72932e43ddcbd320fd6cab05ce7531ba1a5373.exe
"C:\Users\Admin\AppData\Local\Temp\695068e6b6d7fe332fb683ea0c72932e43ddcbd320fd6cab05ce7531ba1a5373.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | stationacutwo.shop | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |
| US | 172.67.172.239:443 | stationacutwo.shop | tcp |