lumma | 1424-61-0x0000000000400000-0x0000000000482000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1424-61-0x0000000000400000-0x0000000000482000-memory.dmp
Size

520KB
MD5

570e3ffb3017e701c503dab754ee74d8
SHA1

bcf7ca4589fcf09b1b34e6a33e8a4556597686bd
SHA256

42e8cacc5d0abe1498dbf4d871334b6f7d2c46d0fecc6298815ae72559b9b276
SHA512

2e15c03ee0e0fb0a83bd8f172cbe3f4449a27548d4762b27af22836c7b150cc16aea40d376b0ad58ed19dfebeb9c27a066a2fe0c66016f4c9198a62481e79bda
SSDEEP

12288:DW4Rl81exXc3s676HOBxqm8HqS5z2Tuyf7dNm65KNaX:DWFeJc3sIpY6Sk777m655

Score

10^/10

lumma

Malware Config

Extracted

Family

lumma

C2

gstatic-node.io

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1424-61-0x0000000000400000-0x0000000000482000-memory.dmp

Files

1424-61-0x0000000000400000-0x0000000000482000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ