lumma | b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af

Analysis

max time kernel
193s
max time network
300s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-07-2024 05:07

Target

b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe
Size

6.2MB
MD5

b9265c31743db2e9698a08df7b0c5e9d
SHA1

aa01367b13f827a5773d0781692809ae175bc718
SHA256

b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af
SHA512

1678d62ad17ce27394599f2835f3c1f209f544fdfae4c54034e7da06936768fe487a55811d9f0919018113af50153437ea0631968814910db69df0ffda36a133
SSDEEP

49152:+qMb251mXUaFTyH5FYbRtQtD0gwbJBhOXg+QREJXNwrkjf5EfGd+NeDPk4A92+f9:ssyHA56IXg+TXfEfGVhgw6

Score

10^/10

Family

lumma

https://groundsmooors.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Suspicious use of SetThreadContext 1 IoCs

Processes:

b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe

description pid process target process

PID 4140 set thread context of 5032 4140 b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe BitLockerToGo.exe

description	pid	process	target process
PID 4140 set thread context of 5032	4140	b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe	BitLockerToGo.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe

description	pid	process	target process
PID 4140 wrote to memory of 5032	4140	b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe	BitLockerToGo.exe
PID 4140 wrote to memory of 5032	4140	b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe	BitLockerToGo.exe
PID 4140 wrote to memory of 5032	4140	b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe	BitLockerToGo.exe
PID 4140 wrote to memory of 5032	4140	b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe	BitLockerToGo.exe
PID 4140 wrote to memory of 5032	4140	b2a10d42ed9b902a6a4a40b47da8448c9fa61f268f3ffb37d08bd5f5e213a0af.exe	BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
2⤵
PID:5032

memory/4140-4-0x00007FF636D40000-0x00007FF6373D6000-memory.dmp

Filesize
6.6MB

Download
memory/4140-6-0x00007FF636D40000-0x00007FF6373D6000-memory.dmp

Filesize
6.6MB

Download
memory/5032-5-0x0000000002B10000-0x0000000002B69000-memory.dmp

Filesize
356KB

Download
memory/5032-9-0x0000000002B10000-0x0000000002B69000-memory.dmp

Filesize
356KB

Download
memory/5032-8-0x0000000002B10000-0x0000000002B69000-memory.dmp

Filesize
356KB

Download