Behavioral task
behavioral1
Sample
020ec9ad8cf03132721870fee2387344.exe
Resource
win7-20231215-en
General
Target: 020ec9ad8cf03132721870fee2387344
Size: 169KB
MD5: 020ec9ad8cf03132721870fee2387344
SHA1: 7179b1d2a06b27a1a250f45e5d5ca08f401b0081
SHA256: 7df45b26a247811ca6ab23114d0f0d166895f2abfcd17628e79e23d6aa2fe98b
SHA512: 0ad8bad7a97a73e595b3689eb7ab2ff278ef346ce360c2348194c0bdb32084966813374fb4a72eb4d0aaedcf76826736e8b740a4a56f0d3d422c55ca65a7ccf8
SSDEEP: 1536:3b9++PEGU340n3bvIFL3FvJfrxIABg2hPeTMSLz/m1I01E2mtall4txuqkG8WEbe:3Q+8ERvTnNVSu1zBmtall4bWpml4fLy
Malware Config
Signatures
Detect Lumma Stealer payload V4 1 IoCs
resource yara_rule sample family_lumma_v4 -
Lumma family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 020ec9ad8cf03132721870fee2387344
Files
020ec9ad8cf03132721870fee2387344.exe windows:4 windows x86 arch:x86
c386cb54ee13fe279f8667501eb9dac8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
WriteFile
CreateFileA
DeleteFileA
GetVersionExA
GlobalMemoryStatus
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
TerminateProcess
OpenProcess
lstrcpyA
lstrcpynA
GetFileSize
ReadFile
SetFilePointer
GetDateFormatA
GetFileAttributesA
ExpandEnvironmentStringsA
FindNextFileA
FindFirstFileA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetWindowsDirectoryA
GetExitCodeProcess
PeekNamedPipe
GetModuleHandleA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
RtlUnwind
GetFileType
GetStdHandle
TerminateThread
lstrlenA
GetLocalTime
GetTimeFormatA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
LoadLibraryA
FindClose
GetProcAddress
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
CreateThread
GetModuleFileNameA
GetTempPathA
CreateMutexA
GetLastError
Sleep
GetSystemDirectoryA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersion
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
ExitProcess
CopyFileA
CreateProcessA
SetEndOfFile
user32
CharToOemA
GetAsyncKeyState
IsWindow
MapVirtualKeyA
keybd_event
DestroyWindow
FindWindowA
SendMessageA
GetForegroundWindow
GetKeyState
GetWindowTextA
gdi32
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetDIBColorTable
DeleteObject
DeleteDC
CreateDCA
mpr
WNetAddConnection2A
WNetCancelConnection2A
advapi32
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
shell32
ShellExecuteA
ws2_32
setsockopt
htons
getsockname
sendto
WSAGetLastError
WSASocketA
gethostbyname
WSAStartup
WSACleanup
closesocket
connect
send
socket
recv
inet_addr
ntohl
ntohs
__WSAFDIsSet
WSAAsyncSelect
bind
listen
accept
ioctlsocket
select
gethostbyaddr
htonl
inet_ntoa
wininet
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
avicap32
capCreateCaptureWindowA
capGetDriverDescriptionA
Sections
.text Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 235KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ