lumma | 04f6e7981da6d901915b27d08e509dbe

Sharing

Copy URL Twitter E-mail

General

Target

04f6e7981da6d901915b27d08e509dbe
Size

5.0MB
MD5

04f6e7981da6d901915b27d08e509dbe
SHA1

cf0f2c8e889f077f19b256647aa01ec148cf9961
SHA256

76ce2fd0a23e17920d12b26ff9e4e148078b12e67e7759bf5a8f034477916cf4
SHA512

77af3588870b9f9b43b22cd04506cc18e7a13bb69900e5afed0ecbaa411b492b606db9a23b8cd4e0e956c5f3510eded479d9f4937a61025669ea300bdfa3c534
SSDEEP

49152:lezdFcTIRGPiSC+7AE7wLLXxrF3YdulD4ewlacnS4R3zycd+pP3/1+VoAlXdWoli:gzbmYvLXxrFI7H+pP3/1CL+406aP

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04f6e7981da6d901915b27d08e509dbe

Files

04f6e7981da6d901915b27d08e509dbe
.exe windows:6 windows x86 arch:x86

0ce06f64268f23068025f02f876e2f06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

kernel32

ReadFile
GetFileSize
GetSystemDirectoryA
ExitProcess
FindClose
FindNextFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
WriteFile
GetLocalTime
OutputDebugStringA
GetCurrentDirectoryA
CreateProcessA
WritePrivateProfileStringA
SetFilePointer
VirtualProtect
VirtualQuery
GlobalAlloc
GetComputerNameA
SuspendThread
DeleteFileA
ResumeThread
CopyFileA
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
SetThreadPriority
TerminateThread
GetExitCodeThread
_lopen
_lcreat
_lread
_lwrite
_lclose
CompareFileTime
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
LocalAlloc
LocalFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
TerminateProcess
CreateMutexA
GetVersionExA
SetEndOfFile
CreateFileW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
GetTimeZoneInformation
SetFilePointerEx
FindFirstFileA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
GetACP
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
CompareStringEx
GetStringTypeW
lstrcpyA
lstrcpynA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeLibraryAndExitThread
GetTickCount
OpenThread
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileA
DuplicateHandle
CloseHandle
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
GetLocaleInfoEx
LCMapStringEx
EncodePointer
FormatMessageA
lstrcmpiA
lstrcmpA
WriteConsoleW
lstrcatA
ExitThread
GetCurrentThread
Sleep
Module32Next
Module32First
Thread32Next
Thread32First
CreateToolhelp32Snapshot
FlushFileBuffers
lstrlenA
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap

user32

UnregisterClassA
CheckMenuItem
CreateMenu
SetMenu
GetMenu
EnableMenuItem
SetForegroundWindow
LoadIconA
DestroyIcon
SetWindowPos
GetAsyncKeyState
AdjustWindowRect
SetWindowLongA
LoadMenuA
CharToOemA
OemToCharA
CharUpperA
PostMessageA
CallWindowProcA
SetFocus
GetForegroundWindow
AdjustWindowRectEx
GetSystemMetrics
GetWindowTextA
FindWindowA
GetWindow
wsprintfA
CharLowerA
EnumWindows
GetClassNameA
GetDC
ReleaseDC
SetWindowTextA
GetClientRect
ClientToScreen
OffsetRect
SendMessageA
GetKeyState
MessageBoxA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
TranslateMessage
DispatchMessageA
PeekMessageA
DefWindowProcA
GetWindowLongA
SetTimer
PostQuitMessage
RegisterClassA
CreateWindowExA
DestroyWindow
ShowWindow
CreateDialogParamA
GetDlgItem
ShowCursor
UpdateWindow
LoadCursorA
WaitMessage

gdi32

CreateSolidBrush
GetTextColor
GetStockObject
SetBkMode
GetObjectA
SelectObject
GetDIBits
DeleteDC
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPointA
SetTextColor
DeleteObject
CreateFontA

advapi32

RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateFontA
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx

winmm

timeGetTime
timeSetEvent
timeKillEvent
timeBeginPeriod
timeEndPeriod
mmioOpenA
mmioClose
mmioRead
mmioWrite
mmioSeek
mmioGetInfo
mmioSetInfo
mmioAdvance
mmioDescend
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerClose
mixerOpen
mixerGetDevCapsA
mmioCreateChunk
mmioAscend

shlwapi

PathFileExistsA

msvfw32

ICSendMessage
ICDecompress
ICLocate
ICClose

avifil32

AVIStreamOpenFromFileA
AVIStreamInfoA
AVIStreamRelease
AVIFileExit
AVIFileInit
AVIStreamRead
AVIStreamLength
AVIStreamReadFormat

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
HttpQueryInfoA

wsock32

closesocket
ioctlsocket
WSACleanup
accept
bind
connect
inet_ntoa
htons
select
__WSAFDIsSet
WSAAsyncSelect
WSAGetLastError
WSAStartup
gethostname
gethostbyname
inet_addr
setsockopt
send
recv
listen
socket

imm32

ImmGetDescriptionA
ImmGetProperty
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringA
ImmGetCandidateListCountA
ImmGetCandidateListA
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 97.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ce06f64268f23068025f02f876e2f06

Headers

DLL Characteristics

File Characteristics

Imports

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

d3d9

d3dx9_43

winmm

shlwapi

msvfw32

avifil32

iphlpapi

wininet

wsock32

imm32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 440KB - Virtual size: 440KB

.data Size: 1.4MB - Virtual size: 97.3MB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 440KB - Virtual size: 440KB

.data
Size: 1.4MB - Virtual size: 97.3MB

.rsrc
Size: 4KB - Virtual size: 4KB