Overview

overview

10

Static

static

3

Sample/Ias...in.dll

windows10-2004-x64

3

Sample/Qt5Core.dll

windows7-x64

1

Sample/Qt5Core.dll

windows10-2004-x64

1

Sample/Qt5Gui.dll

windows7-x64

1

Sample/Qt5Gui.dll

windows10-2004-x64

1

Sample/Qt5Network.dll

windows7-x64

1

Sample/Qt5Network.dll

windows10-2004-x64

1

Sample/Qt5...rt.dll

windows7-x64

1

Sample/Qt5...rt.dll

windows10-2004-x64

1

Sample/Qt5Widgets.dll

windows7-x64

1

Sample/Qt5Widgets.dll

windows10-2004-x64

1

Sample/Setup.exe

windows7-x64

10

Sample/Setup.exe

windows10-2004-x64

10

Sample/StarBurn.dll

windows7-x64

1

Sample/StarBurn.dll

windows10-2004-x64

1

Sample/config.exe

windows7-x64

1

Sample/config.exe

windows10-2004-x64

3

Sample/msvcp140.dll

windows7-x64

1

Sample/msvcp140.dll

windows10-2004-x64

1

Sample/opengl64.exe

windows7-x64

1

Sample/opengl64.exe

windows10-2004-x64

1

Sample/vcr...40.dll

windows7-x64

1

Sample/vcr...40.dll

windows10-2004-x64

1

Sample/vcr..._1.dll

windows7-x64

1

Sample/vcr..._1.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-11-2024 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sample/Setup.exe

  • Size

    1.2MB

  • MD5

    b84dfabe933d1160f624693d94779ce5

  • SHA1

    ac0133c09708fe4a3c626e3ba4cdf44d3a0e065f

  • SHA256

    588cb61b36a001384a2833bd5df8d7982ca79d6ae17a3d83a94e01b1e79684bd

  • SHA512

    eeaeef8d6b5fa02dedf9818babaa4b5ffdb87300521883aa290289dcc720b3d543279085ed3fc649b74654143e678502e56eb3f92c4baf53c075977de33c1b0e

  • SSDEEP

    12288:RWiPQmboElHjsxc93LwnfXlP0CT7T4ir7XFXTqlj02F:5Qrat3knTvT4yDpqlj/F

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Blocklisted process makes network request 11 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Sample\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Sample\Setup.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4080
    • C:\Windows\SysWOW64\more.com
      C:\Windows\SysWOW64\more.com
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:3956
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\SysWOW64\msiexec.exe
        3⤵
        • Blocklisted process makes network request
        • System Location Discovery: System Language Discovery
        PID:1560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\39ed655d
    Filesize

    1.0MB

    MD5

    a4f91292755d3c2ae1c40cdf339f0749

    SHA1

    4731dc4ebfce72c2e22ab941ddaba14c44412e58

    SHA256

    853bd942aca018b1d47c69eb225f2fb1326601cc66c1c81beed90fdcf97f2f4e

    SHA512

    1186ad7bd82477d5af433b79ab71875b95140d95af8caad45acc4ddcf8ce84d3be200dd893c45a8a0125d93e8f8b912a53cbbfe1cb286a4e372c511209eb5cf3

    Download Submit

  • memory/1560-28-0x0000000000760000-0x0000000000772000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1560-27-0x0000000000DC0000-0x0000000000E1B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1560-26-0x00007FFC9E1F0000-0x00007FFC9E3E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3956-21-0x0000000075BE0000-0x0000000076193000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3956-18-0x00007FFC9E1F0000-0x00007FFC9E3E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3956-20-0x0000000075BEE000-0x0000000075BF0000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3956-19-0x0000000075BE0000-0x0000000076193000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3956-25-0x0000000075BE0000-0x0000000076193000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4080-15-0x00007FFC9D6A0000-0x00007FFC9DDDF000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4080-0-0x00007FFC80020000-0x00007FFC8056E000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/4080-14-0x00007FFC9D6A0000-0x00007FFC9DDDF000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4080-13-0x00007FFC9D6B9000-0x00007FFC9D6BA000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4080-1-0x00007FFC9D6A0000-0x00007FFC9DDDF000-memory.dmp

    Filesize

    7.2MB

    Download