Malware Analysis Report

2024-11-30 05:32

Sample ID 240709-mk88ks1glf
Target 2.exe
SHA256 cced1a3811e37720251db4e3d5836ea94da430682863ca61b2ff9940b7d56965
Tags: lumma stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral4
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

cced1a3811e37720251db4e3d5836ea94da430682863ca61b2ff9940b7d56965

Threat Level: Known bad

The file 2.exe was found to be: Known bad.

Malicious Activity Summary

Lumma Stealer (tag: lumma stealer)

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-07-09 10:32

Signatures

Unsigned PE

Description / Indicator / Process / Target: none recorded for this signature

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-09 10:32

Reported

2024-07-09 10:34

Platform

win7-20240705-en

Max time kernel

15s

Max time network

22s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-09 10:32

Reported

2024-07-09 10:34

Platform

win10-20240404-en

Max time kernel

14s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2.exe"

Signatures

Lumma Stealer

stealer lumma

Processes

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 stationacutwo.shop udp
N/A 100.109.89.231:443 stationacutwo.shop tcp
US 8.8.8.8:53 bouncedgowp.shop udp
N/A 100.82.199.67:443 bouncedgowp.shop tcp
US 8.8.8.8:53 bannngwko.shop udp
N/A 100.112.184.237:443 bannngwko.shop tcp
US 8.8.8.8:53 bargainnykwo.shop udp
N/A 100.67.135.28:443 bargainnykwo.shop tcp
US 8.8.8.8:53 affecthorsedpo.shop udp
N/A 100.87.206.25:443 affecthorsedpo.shop tcp
US 8.8.8.8:53 radiationnopp.shop udp
N/A 100.91.13.153:443 radiationnopp.shop tcp
US 8.8.8.8:53 answerrsdo.shop udp
N/A 100.119.226.61:443 answerrsdo.shop tcp
US 8.8.8.8:53 publicitttyps.shop udp
N/A 100.100.120.19:443 publicitttyps.shop tcp
US 8.8.8.8:53 benchillppwo.shop udp
N/A 100.73.217.103:443 benchillppwo.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
N/A 100.117.68.160:443 steamcommunity.com tcp
US 8.8.8.8:53 231.89.109.100.in-addr.arpa udp
US 8.8.8.8:53 237.184.112.100.in-addr.arpa udp
US 8.8.8.8:53 67.199.82.100.in-addr.arpa udp
US 8.8.8.8:53 28.135.67.100.in-addr.arpa udp
US 8.8.8.8:53 25.206.87.100.in-addr.arpa udp
US 8.8.8.8:53 153.13.91.100.in-addr.arpa udp
US 8.8.8.8:53 61.226.119.100.in-addr.arpa udp
US 8.8.8.8:53 19.120.100.100.in-addr.arpa udp
US 8.8.8.8:53 103.217.73.100.in-addr.arpa udp
US 8.8.8.8:53 160.68.117.100.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-09 10:32

Reported

2024-07-09 10:34

Platform

win10v2004-20240708-en

Max time kernel

62s

Max time network

65s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2.exe"

Signatures

Lumma Stealer

stealer lumma

Processes

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.112.124.100.in-addr.arpa udp
US 8.8.8.8:53 235.87.117.100.in-addr.arpa udp
US 8.8.8.8:53 stationacutwo.shop udp
N/A 100.79.123.144:443 stationacutwo.shop tcp
US 8.8.8.8:53 bouncedgowp.shop udp
N/A 100.100.21.163:443 bouncedgowp.shop tcp
US 8.8.8.8:53 bannngwko.shop udp
N/A 100.102.209.196:443 bannngwko.shop tcp
US 8.8.8.8:53 bargainnykwo.shop udp
N/A 100.92.232.129:443 bargainnykwo.shop tcp
US 8.8.8.8:53 affecthorsedpo.shop udp
N/A 100.112.30.43:443 affecthorsedpo.shop tcp
US 8.8.8.8:53 radiationnopp.shop udp
N/A 100.76.80.200:443 radiationnopp.shop tcp
US 8.8.8.8:53 answerrsdo.shop udp
N/A 100.88.142.181:443 answerrsdo.shop tcp
US 8.8.8.8:53 publicitttyps.shop udp
N/A 100.94.32.144:443 publicitttyps.shop tcp
US 8.8.8.8:53 benchillppwo.shop udp
N/A 100.89.16.92:443 benchillppwo.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
N/A 100.76.79.173:443 steamcommunity.com tcp
US 8.8.8.8:53 144.123.79.100.in-addr.arpa udp
US 8.8.8.8:53 196.209.102.100.in-addr.arpa udp
US 8.8.8.8:53 129.232.92.100.in-addr.arpa udp
US 8.8.8.8:53 163.21.100.100.in-addr.arpa udp
US 8.8.8.8:53 200.80.76.100.in-addr.arpa udp
US 8.8.8.8:53 181.142.88.100.in-addr.arpa udp
US 8.8.8.8:53 144.32.94.100.in-addr.arpa udp
US 8.8.8.8:53 43.30.112.100.in-addr.arpa udp
US 8.8.8.8:53 92.16.89.100.in-addr.arpa udp
US 8.8.8.8:53 173.79.76.100.in-addr.arpa udp
US 8.8.8.8:53 189.186.119.100.in-addr.arpa udp
US 8.8.8.8:53 0.250.89.100.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-09 10:32

Reported

2024-07-09 10:34

Platform

win11-20240704-en

Max time kernel

7s

Max time network

15s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 stationacutwo.shop udp
N/A 100.67.117.184:443 stationacutwo.shop tcp
N/A 100.117.62.47:443 bouncedgowp.shop tcp
N/A 100.107.242.140:443 bannngwko.shop tcp
N/A 100.85.55.237:443 bargainnykwo.shop tcp
N/A 100.102.189.188:443 affecthorsedpo.shop tcp
N/A 100.126.197.209:443 radiationnopp.shop tcp
N/A 100.96.188.207:443 answerrsdo.shop tcp
N/A 100.77.137.217:443 publicitttyps.shop tcp
N/A 100.74.187.6:443 benchillppwo.shop tcp
N/A 100.92.227.140:443 steamcommunity.com tcp
US 8.8.8.8:53 184.117.67.100.in-addr.arpa udp
US 8.8.8.8:53 47.62.117.100.in-addr.arpa udp
US 8.8.8.8:53 237.55.85.100.in-addr.arpa udp
US 8.8.8.8:53 209.197.126.100.in-addr.arpa udp
US 8.8.8.8:53 207.188.96.100.in-addr.arpa udp
US 8.8.8.8:53 217.137.77.100.in-addr.arpa udp
US 8.8.8.8:53 6.187.74.100.in-addr.arpa udp

Files

N/A
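The four Network tables above follow one pattern: the sample resolves nine .shop domains plus steamcommunity.com, connects to each on 443/tcp, and then issues reverse (in-addr.arpa) lookups. Two caveats matter before these rows are reused as indicators. First, every 443/tcp destination sits in 100.64.0.0/10, the RFC 6598 shared address space: the sandbox's simulated network answers every lookup from that range (which is why Country is N/A and why each run got different addresses), so those IPs identify the sandbox, not the attacker, and must not be blocked. Second, the in-addr.arpa names are just those same fake addresses written backwards, so they carry no indicator either. Note also that the Lumma Stealer signature fired only in the two Win10 runs; the Win7 run produced no network activity and the Win11 run reached the same domains without the signature triggering. The following added example, which is not part of this report or of the sandbox's tooling, parses the behavioral2 table, separates the domain indicators from the sandbox artifacts, checks that the reverse lookups are noise, and runs the resulting list over a few DNS log lines. The log format and the log lines are constructed for the example; treating steamcommunity.com as a dead-drop host rather than C2 reflects the widely reported Lumma behaviour of reading its C2 from a Steam profile page, and is an assumption of the classification, not something this report states.

```python
"""Turn a sandbox network table into IOCs and strip sandbox artifacts.
Added example; not part of the report or of the sandbox's own tooling."""
import ipaddress
import re

# Rows copied from the behavioral2 Network table of this report:
# "Country Destination Domain Proto", whitespace-separated.
NETWORK_ROWS = """\
US 8.8.8.8:53 stationacutwo.shop udp
N/A 100.109.89.231:443 stationacutwo.shop tcp
US 8.8.8.8:53 bouncedgowp.shop udp
N/A 100.82.199.67:443 bouncedgowp.shop tcp
US 8.8.8.8:53 bannngwko.shop udp
N/A 100.112.184.237:443 bannngwko.shop tcp
US 8.8.8.8:53 bargainnykwo.shop udp
N/A 100.67.135.28:443 bargainnykwo.shop tcp
US 8.8.8.8:53 affecthorsedpo.shop udp
N/A 100.87.206.25:443 affecthorsedpo.shop tcp
US 8.8.8.8:53 radiationnopp.shop udp
N/A 100.91.13.153:443 radiationnopp.shop tcp
US 8.8.8.8:53 answerrsdo.shop udp
N/A 100.119.226.61:443 answerrsdo.shop tcp
US 8.8.8.8:53 publicitttyps.shop udp
N/A 100.100.120.19:443 publicitttyps.shop tcp
US 8.8.8.8:53 benchillppwo.shop udp
N/A 100.73.217.103:443 benchillppwo.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
N/A 100.117.68.160:443 steamcommunity.com tcp
US 8.8.8.8:53 231.89.109.100.in-addr.arpa udp
US 8.8.8.8:53 237.184.112.100.in-addr.arpa udp
US 8.8.8.8:53 67.199.82.100.in-addr.arpa udp
US 8.8.8.8:53 28.135.67.100.in-addr.arpa udp
US 8.8.8.8:53 25.206.87.100.in-addr.arpa udp
US 8.8.8.8:53 153.13.91.100.in-addr.arpa udp
US 8.8.8.8:53 61.226.119.100.in-addr.arpa udp
US 8.8.8.8:53 19.120.100.100.in-addr.arpa udp
US 8.8.8.8:53 103.217.73.100.in-addr.arpa udp
US 8.8.8.8:53 160.68.117.100.in-addr.arpa udp
""".splitlines()

# RFC 6598 shared address space: the sandbox answers every lookup from this
# range, so these addresses identify the sandbox, not the attacker.
SHARED_ADDRESS_SPACE = ipaddress.ip_network("100.64.0.0/10")

# Assumption for the classification: Lumma is widely reported to read its C2
# from a Steam profile (dead-drop resolver), so this legitimate host is a
# hunting pivot rather than a block-list entry.
DEAD_DROP_HOSTS = {"steamcommunity.com"}


def parse_row(row):
    country, dest, domain, proto = row.split()
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ipaddress.ip_address(ip),
            "port": int(port), "domain": domain, "proto": proto}


def ptr_to_ip(name):
    """'231.89.109.100.in-addr.arpa' -> IPv4Address('100.109.89.231')."""
    octets = name.removesuffix(".in-addr.arpa").split(".")
    return ipaddress.ip_address(".".join(reversed(octets)))


def classify(rows):
    """Bucket the table into domain IOCs, dead-drop hosts, sandbox-assigned
    IPs and the addresses the reverse lookups point at."""
    out = {"c2_domains": set(), "dead_drop_hosts": set(),
           "sandbox_ips": set(), "ptr_targets": set()}
    for r in map(parse_row, rows):
        if r["domain"].endswith(".in-addr.arpa"):
            out["ptr_targets"].add(ptr_to_ip(r["domain"]))
        elif r["proto"] == "tcp":
            if r["ip"] in SHARED_ADDRESS_SPACE:
                out["sandbox_ips"].add(r["ip"])
            bucket = "dead_drop_hosts" if r["domain"] in DEAD_DROP_HOSTS else "c2_domains"
            out[bucket].add(r["domain"])
        # udp/53 rows name the same hosts as the tcp rows; nothing extra to keep.
    return out


def ptr_noise(iocs):
    """True when every reverse lookup targets one of the sandbox's own fake
    addresses, i.e. the in-addr.arpa rows add no indicator."""
    return iocs["ptr_targets"] <= iocs["sandbox_ips"]


# Constructed DNS log lines (not from the report) in a resolver-log-like format.
SAMPLE_DNS_LOG = [
    "2024-07-09 10:33:01 client 10.0.0.5 query: bannngwko.shop A",
    "2024-07-09 10:33:02 client 10.0.0.5 query: www.example.com A",
    "2024-07-09 10:33:03 client 10.0.0.5 query: steamcommunity.com A",
]
QUERY_RE = re.compile(r"query: (\S+)")


def match_dns_log(lines, iocs):
    """Return (line_no, name, bucket) for each queried name found in the IOC sets."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")
        for bucket in ("c2_domains", "dead_drop_hosts"):
            if name in iocs[bucket]:
                hits.append((n, name, bucket))
    return hits


if __name__ == "__main__":
    iocs = classify(NETWORK_ROWS)
    print("C2 domains:", sorted(iocs["c2_domains"]))
    print("Reverse lookups are sandbox noise:", ptr_noise(iocs))
    print("DNS log hits:", match_dns_log(SAMPLE_DNS_LOG, iocs))
```

Only the nine .shop names survive as block-list material; the Steam hit is reported separately so an analyst can pivot on it without blocking a site every gaming workstation legitimately visits. Running the same code over the behavioral3 rows shows the limits of the noise check: its first two in-addr.arpa rows point at addresses that appear in no tcp row of that run, so ptr_noise() correctly returns False there and those two names deserve a second look rather than silent discard.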