Overview

overview

10

Static

static

3

Loader.exe

windows7-x64

10

Loader.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2025, 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader.exe

  • Size

    395KB

  • MD5

    d77614f7ea4b89a831874b3dfdd909a9

  • SHA1

    69274a7177d81ff53e1f5ad6577035bc082f4bce

  • SHA256

    9f9004cec568da6b1b35447ae42e9482df421162a32fcdca5b91fa78128e6efe

  • SHA512

    89b81e244bf7363bdce32663c4e5dd4ff99cd1d1ca12d3311e40f0ddc96494d79f95892e44cc2a3bcbfdd81e24749960c7240b1179d94c8f298ceaaa498f03e1

  • SSDEEP

    6144:7WAoFwzNQONWylo7HJ7grXn9t97k8zq3K0saL0oo/kAczM2ZcIjg1iLA/nmol2nF:7FbzyONWyq7HFe9/jAoaLSsysL2nmq0j

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://toppyneedus.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Users\Admin\AppData\Local\Temp\Loader.exe
      "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
      2⤵
        PID:1492
      • C:\Users\Admin\AppData\Local\Temp\Loader.exe
        "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:2352
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 824
        2⤵
        • Program crash
        PID:4904
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3644 -ip 3644
      1⤵
        PID:4848

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2352-4-0x0000000000400000-0x000000000045D000-memory.dmp

        Filesize

        372KB

        Download

      • memory/2352-6-0x0000000000400000-0x000000000045D000-memory.dmp

        Filesize

        372KB

        Download

      • memory/2352-8-0x0000000000400000-0x000000000045D000-memory.dmp

        Filesize

        372KB

        Download

      • memory/3644-0-0x00000000753AE000-0x00000000753AF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3644-1-0x0000000000B00000-0x0000000000B6A000-memory.dmp

        Filesize

        424KB

        Download

      • memory/3644-2-0x0000000005A30000-0x0000000005FD4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3644-7-0x00000000753A0000-0x0000000075B50000-memory.dmp

        Filesize

        7.7MB

        Download