General
-
Target
f419d6307da917925bdb1862615067ead340ce2e726629a76d3cc6b44cd23697.zip
-
Size
355KB
-
MD5
e6159277a4143f9cffca5729bd72a122
-
SHA1
0f52e8d768671aa1a0f75fbc525a2ae76dc91ea5
-
SHA256
0d44560c07dd0f313bf247fbb8d87ab9e68abefd2edb2a660a988152147ad43d
-
SHA512
b29d18c28d53cd1beed89bb2dcfb7dfd4b1e8ef470b8bce57a0d3d0c76d87ac4fac9a6871ed1ff9938154aae642c3829877232dc550bf52d8bd731ed378f7ec1
-
SSDEEP
6144:+G1SFmgxkqsjzOuNWy7xtUk3wlo9vOHitSEmFbggFDPcVCIQye2jK6IWEwMsKB:+OSAgDpFmxat+9vUi4FfcJQh5OTBo
Malware Config
Extracted
lumma
185.99.133.246
Signatures
-
Detect Lumma Stealer payload V2 1 IoCs
resource yara_rule static1/unpack001/f419d6307da917925bdb1862615067ead340ce2e726629a76d3cc6b44cd23697 family_lumma_V2 -
Detect Lumma Stealer payload V4 1 IoCs
resource yara_rule static1/unpack001/f419d6307da917925bdb1862615067ead340ce2e726629a76d3cc6b44cd23697 family_lumma_v4 -
Lumma family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/f419d6307da917925bdb1862615067ead340ce2e726629a76d3cc6b44cd23697
Files
-
f419d6307da917925bdb1862615067ead340ce2e726629a76d3cc6b44cd23697.zip.zip
Password: infected
-
f419d6307da917925bdb1862615067ead340ce2e726629a76d3cc6b44cd23697.exe windows:6 windows x86 arch:x86
e5b470d9537520ee46864576c1c54d55
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
CompareStringW
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindAtomA
FindAtomW
FindClose
FindFirstFileExW
FindNextFileW
FindResourceA
FindResourceW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount64
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultUILanguage
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OpenMutexA
OpenMutexW
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualQuery
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrlenW
advapi32
GetUserNameW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
user32
EnumDisplayDevicesA
FindWindowA
FindWindowW
GetActiveWindow
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetSystemMetrics
ReleaseDC
wsprintfW
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetDIBits
GetObjectW
SelectObject
Sections
.text Size: 570KB - Virtual size: 572KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.voltbl Size: 512B - Virtual size: 4KB
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ