Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    05-01-2025 16:06

General

  • Target

    Wave.exe

  • Size

    513KB

  • MD5

    75ed57737c412920b83115a7f83ab080

  • SHA1

    b0c063d5a3ce591344a3e75b0d6684831e4dd5be

  • SHA256

    465a5e75e0dc8f8ea267e50b10ad2500004351ab9de751a559845a33eb776174

  • SHA512

    856b7d3bb38c8549cacfffcd4ab2bcc850b42fdac6c17ec5169cdd9ee037b04f57aab165590302706d8d70ef022737af9a707646656b8e89bc34e7e3d4a9bc71

  • SSDEEP

    12288:pCNPcUlbc0Lc9bJOqEyBngvKDqcmUPnwYXLFNKScYr:pCWUlbc0LcFJOqEJSD4UPwYXL

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Wave.exe
    "C:\Users\Admin\AppData\Local\Temp\Wave.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\gdi32.dll

    Filesize

    454KB

    MD5

    d21c3f41ef9c6edbda37fffd0118e8fa

    SHA1

    2517d28e67e8ae3bc786d40a706b5b3a94cb8eac

    SHA256

    d185706d8f5f370c07e7ed12483919a6c68193a54728878dde2a019d4cf65755

    SHA512

    e4f829d4c41e4c149f20b08526806c3e76825f73de28043029134d46f9deede9ad03f2f131535bf807501c838ca4f4858f4d9e24d7e587b8577b528157d61050

  • memory/2340-0-0x000000007468E000-0x000000007468F000-memory.dmp

    Filesize

    4KB

  • memory/2340-1-0x0000000001370000-0x00000000013F6000-memory.dmp

    Filesize

    536KB

  • memory/2340-6-0x0000000077070000-0x0000000077131000-memory.dmp

    Filesize

    772KB

  • memory/2340-7-0x0000000074680000-0x0000000074D6E000-memory.dmp

    Filesize

    6.9MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.