lumma | 3c5eb448209ea3b2b14659f8f1290c15

Sharing

Copy URL

Twitter E-mail

General

Target

3c5eb448209ea3b2b14659f8f1290c15
Size

197KB
MD5

3c5eb448209ea3b2b14659f8f1290c15
SHA1

05c094e2c7b72819049522d52ef9bc5e3c46039f
SHA256

cfe0b63de3dbe3749075d85f690bfb1e174413b8af361baaa997d37907ed9009
SHA512

07c9dc8bfbe48710f8b0b44806b0684fc644a4f080c54d7be966da17c5bca113a7686b2211ecdbea65411fd062a631c5268f36f3cac33b42404ded6f9d2e5228
SSDEEP

6144:DtGXhKKQhya/mSaCK16kvvom6K83zbuJhoeSK:RoKKQRmjp6ImziGK

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c5eb448209ea3b2b14659f8f1290c15

Files

3c5eb448209ea3b2b14659f8f1290c15
.exe windows:4 windows x86 arch:x86

369d847ed6e46a3a5c7259517dc0bb82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ws2_32

inet_addr
connect
WSACleanup
WSAStartup
socket
setsockopt
ioctlsocket
htons
bind
listen
send
select
__WSAFDIsSet
accept
recv
closesocket

kernel32

GetFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
MultiByteToWideChar
Sleep
ReadFile
CloseHandle
WriteFile
TransactNamedPipe
CreateFileA
GetLastError
CopyFileA
WideCharToMultiByte
GetFileSize
CreateThread
ExitThread
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLocalTime
SetFilePointer
GetSystemDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
ExitProcess
CreateProcessA
GetTimeFormatA
GetDateFormatA
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
ExpandEnvironmentStringsA
SetFileAttributesA
GetTempPathA
GetComputerNameA
GetCurrentProcess
TerminateProcess
lstrcmpiA
OpenProcess
DeleteFileA
GetCurrentProcessId
WaitForSingleObject
CreateMutexA
TerminateThread
MoveFileA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
CreatePipe
SetConsoleCtrlHandler
GetLocaleInfoA
GetVersionExA
GetLogicalDrives
WaitForMultipleObjects
GenerateConsoleCtrlEvent
GlobalMemoryStatus
HeapAlloc
HeapFree
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetStartupInfoA
GetCommandLineA
GetVersion
GetCPInfo
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
LCMapStringW
UnhandledExceptionFilter

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

369d847ed6e46a3a5c7259517dc0bb82

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 75KB - Virtual size: 386KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 75KB - Virtual size: 386KB