Overview

overview

10

Static

static

1

❂↶Fя�...up.exe

windows10-ltsc 2021-x64

10

❂↶Fя�...up.exe

windows11-21h2-x64

10

❂↶Fя�...up.exe

windows7-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    146s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250217-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    01/03/2025, 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ❂↶Fяοм†Sωι†cн✦$ε†μρ✦Codε✦∀sα†Lωor❂🎶9192/Set-up.exe

  • Size

    1.8MB

  • MD5

    098ac4621ee0e855e0710710736c2955

  • SHA1

    ce7b88657c3449d5d05591314aaa43bd3e32bdaa

  • SHA256

    46afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f

  • SHA512

    3042785b81bd18b641f0a2b5d8aec8ef86f9bf1269421fb96d1db35a913e744eaff16d9da7a02c8001435d59befb9f26bc0bbfa6e794811abf4282ed68b185fe

  • SSDEEP

    49152:GpjwrP6yVgBd39sUUzFti4aTotmIT3SxLmNKbx:GpjwrP6yKTOUmi4aTo1NK9

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs/api

https://motion-treesz.sbs/api

https://disobey-curly.sbs/api

https://leg-sate-boat.sbs/api

https://story-tense-faz.sbs/api

https://blade-govern.sbs/api

https://occupy-blushi.sbs/api

https://frogs-severz.sbs/api

https://other-rans.cyou/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\❂↶Fяοм†Sωι†cн✦$ε†μρ✦Codε✦∀sα†Lωor❂🎶9192\Set-up.exe
    "C:\Users\Admin\AppData\Local\Temp\❂↶Fяοм†Sωι†cн✦$ε†μρ✦Codε✦∀sα†Lωor❂🎶9192\Set-up.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Windows\SysWOW64\more.com
      C:\Windows\SysWOW64\more.com
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:4656
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\SysWOW64\msiexec.exe
        3⤵
        • Blocklisted process makes network request
        • System Location Discovery: System Language Discovery
        PID:2068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4c7a5c83
    Filesize

    1.0MB

    MD5

    c1f828b1b74ac7392d146eee4bf57c43

    SHA1

    5d1a478060a12bae2df4561f573c39dbdf6f67ea

    SHA256

    d4bdb269153e09843a4bd08989720519248eb70bb940c8d9676d379da0f4c207

    SHA512

    8e00ab1c21c08f1c046cbb58cce2238d5477860adb79cfd813bc8f4508ac1c2bbbd11da4eebce8c5b0c0b6d5efa3581dfd802bb4fe207ca151dec99d5ab7a802

    Download Submit

  • memory/2068-27-0x0000000000830000-0x0000000000842000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2068-26-0x00000000002A0000-0x00000000002FE000-memory.dmp

    Filesize

    376KB

    Download

  • memory/2068-25-0x00007FFA1BED0000-0x00007FFA1C0C8000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3060-8-0x00007FFA1BED0000-0x00007FFA1C0C8000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3060-13-0x0000000000400000-0x000000000061B000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3060-9-0x0000000073190000-0x0000000075147000-memory.dmp

    Filesize

    31.7MB

    Download

  • memory/3060-10-0x0000000072E50000-0x0000000072FCB000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3060-12-0x00000000738DB000-0x0000000074110000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/3060-1-0x00000000001F0000-0x00000000001F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3060-7-0x0000000072E50000-0x0000000072FCB000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3060-0-0x00000000738DB000-0x0000000074110000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/3060-2-0x0000000073190000-0x0000000075147000-memory.dmp

    Filesize

    31.7MB

    Download

  • memory/3060-6-0x0000000073190000-0x0000000075147000-memory.dmp

    Filesize

    31.7MB

    Download

  • memory/4656-19-0x0000000072E50000-0x0000000072FCB000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4656-23-0x0000000072E50000-0x0000000072FCB000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4656-24-0x0000000072E51000-0x0000000072E5F000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4656-18-0x0000000072E50000-0x0000000072FCB000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4656-16-0x00007FFA1BED0000-0x00007FFA1C0C8000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4656-15-0x0000000072E51000-0x0000000072E5F000-memory.dmp

    Filesize

    56KB

    Download