Analysis
-
max time kernel
93s -
max time network
204s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-01-2025 16:56
General
-
Target
SbieCtrl.exe
-
Size
3.2MB
-
MD5
b258355c6111fc69e4fba1c4c9c7ad44
-
SHA1
4fc0ad0b5246ef80e94929104483d8264c673481
-
SHA256
a1dfdadb5d8aa92efb1edb2ff281f205d14d10526b1b70272af121a5ed64f1fa
-
SHA512
d586baa499a27772631972ba5b5afa6ae7b0b94709c04e67b9b5a15ca7fd73788d0919e09be3873ab1956449dfbbc27eccbff4b506d61012f3ce2f162392f0a2
-
SSDEEP
49152:RVun9dkI2fZKTRQOXjuOvDApXkFDbHMnE++X3mDWRPhm3K9IMrPTfRmsHxQK2GWH:RufvCcuE++hhm3grNmsRQKW0jijZ
Malware Config
Extracted
lumma
https://sensatiogener.sbs/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SbieCtrl.exe"C:\Users\Admin\AppData\Local\Temp\SbieCtrl.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\quickSecurity\SbieCtrl.exeC:\Users\Admin\AppData\Roaming\quickSecurity\SbieCtrl.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- System Location Discovery: System Language Discovery
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.0MB
MD51528f4b90ad7a4f2f06bda1591031c97
SHA16752ca53be8e2044c784ee7f68f6299eeed4d9f4
SHA256639b9be058400ee38b78871e16e8623409a79c3abd22e658aa70bccaf667fc6c
SHA5129d57fcce34e9e792e656f45b9aa11631ab3e994638b1609cce173de8f67b41d2493b575cd62afaa55fa50d2486f2fbcf4564e20a828c346a9b1796540f900536
-
Filesize
3.2MB
MD5b258355c6111fc69e4fba1c4c9c7ad44
SHA14fc0ad0b5246ef80e94929104483d8264c673481
SHA256a1dfdadb5d8aa92efb1edb2ff281f205d14d10526b1b70272af121a5ed64f1fa
SHA512d586baa499a27772631972ba5b5afa6ae7b0b94709c04e67b9b5a15ca7fd73788d0919e09be3873ab1956449dfbbc27eccbff4b506d61012f3ce2f162392f0a2
-
Filesize
856KB
MD5cd327c365959c281d561ff224ebb3fab
SHA11528b10d3d04e95d722bc9443c20522dd4e89e0e
SHA256dc4f7b5aeb5b15a72ea230112986db9b2f8ef6c970fb74930cdd2188a4397e1b
SHA512ec8c4be844ba0f50f070d1e533c165d30c3a90b38b837e58c4ed966a9e9cc4fd41ece013458fcf7c3d3c244024f8b4cb213d39f0819210334430d39a4452c955
-
Filesize
791KB
MD50efa9cd7b301e983f6e3b412f14f6252
SHA11fd1d2338bd41d4a3ef2545da8e19f67f9775c80
SHA256b773e68c4801f933becf780b260bfb0d00094ca61df33feae4b52bf49772a07e
SHA51292c52b03234256fdd6371853625e83c97048a7abb8602a52d73d63217e85d52832f60b6cb4f6b1d86b78c73c2169a748e0ae1a6f4ec38386267b23ef5193ff3f
-
Filesize
37KB
MD5d125cedbbfe725a94948561401f0a555
SHA13b2484f8600f42ebbeb89093b8efeab4cb173c37
SHA256c10719865726f362838d5ac424bfb83679e9c8e27743894faeccc5c2d55dc07f
SHA51218280f1741ff0f3d93d7f476974d736fdf67678fd0e53b277459203679e43fdea48423e4c43122ecc7cf605ca0a197788bb446753f52c24820b1fc1870d9fef5
-
Filesize
1.5MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
2.0MB
-
Filesize
1.4MB
-
Filesize
4KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
352KB
-
Filesize
2.0MB
-
Filesize
352KB