Overview

overview

10

Static

static

10

frick-main/bil2.exe

windows10-ltsc_2021-x64

7

frick-main/bil3.exe

windows10-ltsc_2021-x64

10

frick-main...rw.exe

windows10-ltsc_2021-x64

8

frick-main/first.exe

windows10-ltsc_2021-x64

10

frick-main...ve.exe

windows10-ltsc_2021-x64

10

frick-main...ix.exe

windows10-ltsc_2021-x64

10

frick-main...rd.exe

windows10-ltsc_2021-x64

10

frick-main...st.exe

windows10-ltsc_2021-x64

10

frick-main...ur.exe

windows10-ltsc_2021-x64

10

frick-main...wd.exe

windows10-ltsc_2021-x64

10

frick-main/second.exe

windows10-ltsc_2021-x64

10

Analysis

  • max time kernel
    290s
  • max time network
    214s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    19/04/2025, 06:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    frick-main/nowiwkgtjawd.exe

  • Size

    1.2MB

  • MD5

    68990826d0c23198824e74689425bd44

  • SHA1

    4751460e2ec2971349eb19ef11ffda342a1955d7

  • SHA256

    0288e0fbfefb8623b2b0dac003316fc94251350e25ac4a568d4e7376820b592b

  • SHA512

    b655c3c9f44c611e1e7c4d5a90a9ed8c9f786a05623bfc41b6b0539bd5854dede0127774ceeb238e74c7976bb992988b3490d64d9e2b35044bd43be70d2813ce

  • SSDEEP

    24576:egJzVGbca5oMHgLaK8cAsL2jqWzZaoCkxdGOXkxeHl0uqeAWLb0onF/v:eg9VoQaXDGuJ1/Ckxd1lHl0upLnt

Score
10/10
lummadiscoveryspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://twilitghtarc.live/gposzd

https://jawdedmirror.run/ewqd

https://lchangeaie.top/geps

https://lonfgshadow.live/xawi

https://liftally.top/xasj

https://nighetwhisper.top/lekd

https://qsalaccgfa.top/gsooz

https://zestmodp.top/zeda

https://howlflright.digital/qopy

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 30 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\frick-main\nowiwkgtjawd.exe
    "C:\Users\Admin\AppData\Local\Temp\frick-main\nowiwkgtjawd.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:5592

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5592-0-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-2-0x0000000004600000-0x0000000004606000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5592-1-0x0000000004600000-0x0000000004606000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5592-7-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-6-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-8-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-9-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-10-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-11-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-12-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-13-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-14-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-15-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-16-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-17-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-18-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-19-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-20-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-21-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-22-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-23-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-24-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-25-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-26-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-27-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-28-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-29-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-30-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-31-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-32-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-33-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-34-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5592-35-0x00000000006A0000-0x0000000000A65000-memory.dmp

    Filesize

    3.8MB

    Download