lumma | be42095ac6706dec950505be79bbd653c9826400a58b60c62d32c4966118e85c

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
submitted
23-11-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be42095ac6706dec950505be79bbd653c9826400a58b6.exe
Size

14.9MB
MD5

88c779397d787f4849d8ce87d1407c02
SHA1

6d1d322e8a16b1d186c1bcb564d0bae596ad3349
SHA256

be42095ac6706dec950505be79bbd653c9826400a58b60c62d32c4966118e85c
SHA512

8d520f31afef61a41395bf114aa197a4097900fc47fa83ace8cf471d5a2933d958c04d42701828f73bde2891a3000999ef2803c56720147bc49144cddcfc69e7
SSDEEP

393216:xuszpErtNCIZxcuohbo6kcmPZExJvcrsAZub:Qsd6tDAjhbHYxEnkrNq

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

worldofpoetry.xyz

Signatures

Detect Lumma Stealer payload V2 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1236-1-0x00000000001C0000-0x000000000021C000-memory.dmp	family_lumma_V2

Detect Lumma Stealer payload V4 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1236-1-0x00000000001C0000-0x000000000021C000-memory.dmp	family_lumma_v4

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

be42095ac6706dec950505be79bbd653c9826400a58b6.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	be42095ac6706dec950505be79bbd653c9826400a58b6.exe

C:\Users\Admin\AppData\Local\Temp\be42095ac6706dec950505be79bbd653c9826400a58b6.exe
"C:\Users\Admin\AppData\Local\Temp\be42095ac6706dec950505be79bbd653c9826400a58b6.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1236-5-0x00000000012D0000-0x00000000013D0000-memory.dmp

Filesize
1024KB

Download
memory/1236-1-0x00000000001C0000-0x000000000021C000-memory.dmp

Filesize
368KB

Download