Overview
overview
10Static
static
10Dropper/Berbew.exe
windows10-2004-x64
10Dropper/Phorphiex.exe
windows10-2004-x64
10out.exe
windows10-2004-x64
3RAT/31.exe
windows10-2004-x64
10RAT/XClient.exe
windows10-2004-x64
10RAT/file.exe
windows10-2004-x64
7Ransomware...-2.exe
windows10-2004-x64
10Ransomware...01.exe
windows10-2004-x64
10Ransomware...lt.exe
windows10-2004-x64
10Stealers/Azorult.exe
windows10-2004-x64
10Stealers/B...on.exe
windows10-2004-x64
10Stealers/Dridex.dll
windows10-2004-x64
10Stealers/M..._2.exe
windows10-2004-x64
10Stealers/lumma.exe
windows10-2004-x64
10Trojan/BetaBot.exe
windows10-2004-x64
10Trojan/Smo...er.exe
windows10-2004-x64
10Resubmissions
03-09-2024 14:02
240903-rb57sazdqf 1003-09-2024 13:51
240903-q59avszclf 1002-09-2024 19:51
240902-yk8gtsxbpd 1002-09-2024 02:27
240902-cxh7tazflg 1002-09-2024 02:26
240902-cwxc2sygll 1021-06-2024 19:37
240621-yca7cszgnd 1009-06-2024 17:07
240609-vm7rjadd73 1013-05-2024 17:36
240513-v6qblafe3y 1012-05-2024 17:17
240512-vty3zafh5s 10Analysis
-
max time kernel
92s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02-09-2024 02:26
Behavioral task
behavioral1
Sample
Dropper/Berbew.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
Dropper/Phorphiex.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
out.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
RAT/31.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
RAT/XClient.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
RAT/file.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Ransomware/Client-2.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
Ransomware/criticalupdate01.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Ransomware/default.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
Stealers/Azorult.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Stealers/BlackMoon.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
Stealers/Dridex.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Stealers/Masslogger/mouse_2.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
Stealers/lumma.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Trojan/BetaBot.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
Trojan/SmokeLoader.exe
Resource
win10v2004-20240802-en
General
-
Target
Stealers/lumma.exe
-
Size
311KB
-
MD5
33753bbc9a828b7be03eab11ef15d1f0
-
SHA1
dc2ffad4ab05bab6fcd9f0258d2071bdac910283
-
SHA256
7d2cacef8fc24cd30f6b0596abaf37342f85ab1d8b6b0ccf01ad1bdb79317d92
-
SHA512
06c529a8ad0991a3304c83df13093ade5dd37156709d863265703fc6ed23b6dd4519ecb15c08f1badc2d85870fb91912f177183453e63119a1f48641686a0465
-
SSDEEP
6144:gZBeWp7SFZn5ZkolpkR/rwaYyJXiICeTB:gZBVpmFZPOJJXih2B
Malware Config
Extracted
lumma
https://whispedwoodmoodsksl.shop/api
https://acceptabledcooeprs.shop/api
https://obsceneclassyjuwks.shop/api
https://zippyfinickysofwps.shop/api
https://miniaturefinerninewjs.shop/api
https://plaintediousidowsko.shop/api
https://sweetsquarediaslw.shop/api
https://holicisticscrarws.shop/api
https://boredimperissvieos.shop/api
Signatures
-
Program crash 3 IoCs
pid pid_target Process procid_target 2736 4596 WerFault.exe 82 3652 4596 WerFault.exe 82 3028 4596 WerFault.exe 82 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lumma.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Stealers\lumma.exe"C:\Users\Admin\AppData\Local\Temp\Stealers\lumma.exe"1⤵
- System Location Discovery: System Language Discovery
PID:4596 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 7562⤵
- Program crash
PID:2736
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 8122⤵
- Program crash
PID:3652
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 3842⤵
- Program crash
PID:3028
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4596 -ip 45961⤵PID:2012
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4596 -ip 45961⤵PID:2580
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4596 -ip 45961⤵PID:3064