lumma | 42f176bef89080bcfae261430672f7a8d414f8dcd980cc98b1e150a2aabe992f

Analysis

max time kernel
96s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d53377ec2ec9ae9412e7dc3d59432996.exe
Size

619KB
MD5

d53377ec2ec9ae9412e7dc3d59432996
SHA1

09b30ceaf9a7765ade6e2a981406b0a35099547f
SHA256

42f176bef89080bcfae261430672f7a8d414f8dcd980cc98b1e150a2aabe992f
SHA512

ec06ba02f27781fda800bf6cc61176534190036980c95d39770402f81387a8c4cf60c766ff3b4e0597b1110f58cad01eaadf2197c61e0816c7a3cb06681d4472
SSDEEP

12288:Me/nJFDHipj2HoVqcgPjfHlHnBbhPOW4SF+3I/S4K1:Me/JdMj2IivhVhx1Fl/S4K1

Score

10^/10

lumma discovery stealer

Malware Config

Signatures

Detect Lumma Stealer payload V4 2 IoCs

resource	yara_rule
behavioral2/memory/3680-1-0x00000000006C0000-0x0000000000745000-memory.dmp	family_lumma_v4
behavioral2/memory/3680-6-0x00000000006C0000-0x0000000000745000-memory.dmp	family_lumma_v4

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d53377ec2ec9ae9412e7dc3d59432996.exe

C:\Users\Admin\AppData\Local\Temp\d53377ec2ec9ae9412e7dc3d59432996.exe
"C:\Users\Admin\AppData\Local\Temp\d53377ec2ec9ae9412e7dc3d59432996.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3680-0-0x000000000040F000-0x0000000000411000-memory.dmp

Filesize
8KB

Download
memory/3680-1-0x00000000006C0000-0x0000000000745000-memory.dmp

Filesize
532KB

Download
memory/3680-6-0x00000000006C0000-0x0000000000745000-memory.dmp

Filesize
532KB

Download