lumma | 56de8fdabc03c2f82dccaed436affc4c

Sharing

Copy URL

Twitter E-mail

General

Target

56de8fdabc03c2f82dccaed436affc4c
Size

1.0MB
MD5

56de8fdabc03c2f82dccaed436affc4c
SHA1

7e55f2223578c19d74232422d8eef9367ced5be9
SHA256

d85e89935a59aeb591e8a9ef27e7fdf73d66ea98d72529787c316972c716794f
SHA512

2d836c65128562d10a0efa102fb8b5c436b93e47133bbba5ff82e6da27719b171e634c9912ca774e2132c3d84093b13cf8ed800491aeb6b9f0819c98a7076b18
SSDEEP

24576:nZh5oCgmTq2gdgmTqZjIuE73I0UGVN6G14l:r5o2TqBTqBIT73I0ZVN6G14l

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56de8fdabc03c2f82dccaed436affc4c

Files

56de8fdabc03c2f82dccaed436affc4c
.exe windows:6 windows x86 arch:x86

889b0d944aa7922b9db055d7b123c904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
ExitProcess
OpenProcess
GetSystemInfo
FreeLibrary
LoadLibraryA
FreeConsole
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExA
HeapSize
WriteConsoleW
CreateFileW
SetStdHandle
CloseHandle
IsDebuggerPresent
GetVolumeInformationA
ReadFile
GetEnvironmentVariableA
GetStdHandle
GetProcAddress
GetLastError
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
DeleteFileW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetEndOfFile
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType

user32

MessageBoxA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

wininet

InternetCloseHandle
InternetOpenA
InternetConnectA
HttpSendRequestA
InternetReadFile
HttpOpenRequestA

urlmon

URLDownloadToFileA

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 736KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

889b0d944aa7922b9db055d7b123c904

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

urlmon

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 736KB - Virtual size: 740KB

.rsrc Size: 98KB - Virtual size: 98KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 736KB - Virtual size: 740KB

.rsrc
Size: 98KB - Virtual size: 98KB

.reloc
Size: 9KB - Virtual size: 9KB