lumma | BunnymodXT[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

BunnymodXT.dll
Size

2.2MB
MD5

d73c69575e2a78786212a74ddcea9c45
SHA1

5c6723062ffd0dab561d54c95e84e64fae0b4054
SHA256

0fdb5ff85970e86786348b6cc4d0c6b86666d31aa4d7e52b192d6354cdc10ebc
SHA512

1578602b0ebf19c2a8c2aef98e632e0faf27dd00cf153cc976448c2d24650e08863696a1b9456f6fbc7e87bc8fcb69dd23761a592081244d7793567a5c839e37
SSDEEP

24576:c3cQPsF7UWkDko1d7RYC9UnjKK8OMUiU9+yQXhBTaidUD/Nwi+9ou0Hss9i7pPys:GTFkoSK5LNzUDaasN79s90zB

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BunnymodXT.dll

Files

BunnymodXT.dll
.dll windows:6 windows x86 arch:x86

34a67abc7cb64148e34e15b985742740

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

opengl32

glVertex2f
glLineWidth
glDepthMask
glBlendFunc
glColor4f
glDisable
glMatrixMode
glLoadIdentity
glFrustum
glClearColor
glClear
wglGetProcAddress
glTexEnvf
glColor4ub
glBegin
glVertex2i
glEnd
glColor3f
glEnable

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FreeLibraryAndExitThread
ExitThread
OpenMutexA
ReleaseMutex
CloseHandle
GetSystemTimeAsFileTime
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
WriteFile
GetFileSizeEx
CreateFileMappingA
FormatMessageA
GetProcAddress
GetModuleHandleA
SetLastError
GetLastError
LocalFree
SwitchToThread
Sleep
GetCurrentProcessId
DuplicateHandle
GetCurrentProcess
UnmapViewOfFile
MapViewOfFileEx
SetEndOfFile
SetFilePointer
GetTickCount
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
FreeLibrary
VirtualQuery
VirtualProtect
K32GetModuleInformation
GetModuleHandleW
GetModuleFileNameW
K32EnumProcessModules
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleTitleA
GetConsoleWindow
FreeConsole
WriteConsoleA
SetConsoleTextAttribute
WriteConsoleW
OpenEventW
SetEvent
CreateNamedPipeA
CreateEventA
ConnectNamedPipe
DisconnectNamedPipe
WaitForSingleObject
ReadFile
PeekNamedPipe
CreateFileW
WaitNamedPipeW
lstrlenW
MultiByteToWideChar
ReleaseSRWLockExclusive
FreeEnvironmentStringsW
GetConsoleCP
ReleaseSRWLockShared
AcquireSRWLockExclusive
GetCurrentThread
RtlCaptureContext
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
TerminateProcess
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexA
TlsSetValue
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
CreateEventW
GetConsoleMode
GetFileType
ExitProcess
GetFullPathNameW
WideCharToMultiByte
CreateThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
TlsGetValue
InterlockedFlushSList
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
SetStdHandle
HeapSize
FindClose
ReadConsoleW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
AreFileApisANSI
HeapCreate
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapDestroy
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
SleepConditionVariableCS
RaiseException
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
FindFirstFileExW
GetFileAttributesExW

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ntdll

NtWriteFile
NtReadFile
RtlNtStatusToDosError

user32

ShowWindow
MessageBoxA

Exports

Exports

bxt_is_tas_editor_active
bxt_on_tas_playback_frame
bxt_on_tas_playback_stopped
bxt_simulation_ipc_is_client_initialized
bxt_tas_load_script_from_string
bxt_tas_new

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 435KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 315.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34a67abc7cb64148e34e15b985742740

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

advapi32

ntdll

user32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 435KB - Virtual size: 434KB

.data Size: 60KB - Virtual size: 315.5MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 94KB - Virtual size: 94KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 435KB - Virtual size: 434KB

.data
Size: 60KB - Virtual size: 315.5MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 94KB - Virtual size: 94KB