lumma | 9043fddbf88a56f784bf4d52c3ddf7837cc8206e77fe831755e8ec511e5d4329

Analysis

max time kernel
13s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Crypteddd (1).exe
Size

154KB
MD5

078dd8a7d37a595a810bc74259df2da4
SHA1

f907f1c7b62b2fdc8d271c574fe69974c3196ec9
SHA256

9043fddbf88a56f784bf4d52c3ddf7837cc8206e77fe831755e8ec511e5d4329
SHA512

59bfe3b445955f2e6e33972fbfd5b27b8a28ad5d2222723155ba282bde323e788c50b2ea4f22bd4c714935f3502baf2cf7ae32173384af0fcddac3398119d963
SSDEEP

3072:YNV66VBT+g2dzD/0b+US6XiDMcDUI+z4X8qfh4uZtxw+GwX1hy00WWmfEad:C6KQg2N/0CUSsiDMc0zhOhrZtx7Gihy2

Score

10^/10

lumma discovery stealer upx

Malware Config

Extracted

Family

lumma

https://showpanicke.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4340-0-0x0000000000C60000-0x0000000000CBE000-memory.dmp	upx
behavioral2/memory/4340-2-0x0000000000C60000-0x0000000000CBE000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Crypteddd (1).exe

C:\Users\Admin\AppData\Local\Temp\Crypteddd (1).exe
"C:\Users\Admin\AppData\Local\Temp\Crypteddd (1).exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4340-0-0x0000000000C60000-0x0000000000CBE000-memory.dmp

Filesize
376KB

Download
memory/4340-2-0x0000000000C60000-0x0000000000CBE000-memory.dmp

Filesize
376KB

Download