lumma | 75d810349b4edb62ed10b4ecd0b58522 | Triage

Sharing

General

Target

75d810349b4edb62ed10b4ecd0b58522
Size

50KB
MD5

75d810349b4edb62ed10b4ecd0b58522
SHA1

9134c23e3ba665b4aa60d29cff6b144145260041
SHA256

cff21c5f5bc8c5280a1aa39b2e1adff16a6af73f5a401cf92aaf35b676b8b3dd
SHA512

f44ae562548f050d42fb05165b65759209b426987f0eb447958144f9599ae9957dd34cc78f251742396f84c01656ebd05fbbef21c1ca6a26b7a06c44859ee7f3
SSDEEP

768:7kOPZTbQmaRPmeFaxLWl6uxvPrBtNzRL0+1v2skXpvWy5IDWaRGDMYFBJV4Nhj5a:7/hHoFKKlFR9tnL0umXhWwxJDBJ+l5i

Score

10^/10

upx lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_lumma_v4

Lumma family
lumma

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
75d810349b4edb62ed10b4ecd0b58522
unpack001/out.upx

Files

75d810349b4edb62ed10b4ecd0b58522
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

hews
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hews
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

YYuft
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

YYufta
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE