Analysis

  • max time kernel: 106s
  • max time network: 138s
  • platform: windows10-2004_x64
  • resource: win10v2004-20250610-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 01/07/2025, 07:21

General

  • Target: 379727978b4de18a48e9f77851f8e114.exe
  • Size: 1.2MB
  • MD5: 379727978b4de18a48e9f77851f8e114
  • SHA1: 4d88ad621daf90fe1a8dc9d63b977eb080e3d228
  • SHA256: b2d8f6b7d67fb733ae5ab63ec1d942d62085b584be9b113e130a80c406d248d8
  • SHA512: 06d9d5473c9fda54681d23baf7162b2c95da767575ca51eeada9ddb298123d764ecba418eebe67ccb6005e0d9f8b28a9d7ac60cdf8d265570d2b00067714b50d
  • SSDEEP: 24576:PS6Hg7JOPy1xDoeAkCKexhp6JjwuMVLQ6SkbFhp6JjwuMVLQ6Skb:PRgFJ7mKexhp6tLMVLQIhp6tLMVLQ

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Attributes
  • build_id

    5b8ccba1bb4bae56aff70e6fec3240d7280a85db0270352db3

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\379727978b4de18a48e9f77851f8e114.exe (PID 3556)
    Command line: "C:\Users\Admin\AppData\Local\Temp\379727978b4de18a48e9f77851f8e114.exe"
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe (PID 5212, child process)
      Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v16


Downloads

  • memory/5212-0-0x0000000000400000-0x000000000045D000-memory.dmp (Filesize: 372KB)
  • memory/5212-2-0x0000000000400000-0x000000000045D000-memory.dmp (Filesize: 372KB)
  • memory/5212-3-0x0000000000400000-0x000000000045D000-memory.dmp (Filesize: 372KB)
  • memory/5212-4-0x0000000000400000-0x000000000045D000-memory.dmp (Filesize: 372KB)