gh0strat | 20b3c40b45fec19e5f31d325c23d67f407481d1d595d8b300572bbc2054aca14

Sharing

Copy URL Twitter E-mail

General

Target

20b3c40b45fec19e5f31d325c23d67f407481d1d595d8b300572bbc2054aca14
Size

7.6MB
MD5

f29ca9d939582b8b6f441f7667814236
SHA1

589be0212b09aa8abfd6fcb315200aa916322e21
SHA256

20b3c40b45fec19e5f31d325c23d67f407481d1d595d8b300572bbc2054aca14
SHA512

f570ed7a538b4dc7c84ee9ecd28ba5ae08ccdc4e512193515c5ebb8f384544068243967fec0d0a6cae1d046ebca80f56c618815e0881db4f30334e749a2f289e
SSDEEP

98304:m/s5H0gaTFf9/qY6uj8yynF7aVWliZYwIeFZU4N/c0D4yHyQwS+aw4uQ8:8uUN5965F7wZVIQZU4Bv+ZQ8

Score

10^/10

gh0strat lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat
Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20b3c40b45fec19e5f31d325c23d67f407481d1d595d8b300572bbc2054aca14

Files

20b3c40b45fec19e5f31d325c23d67f407481d1d595d8b300572bbc2054aca14
.exe windows:4 windows x86 arch:x86

1484f954ff4ec9e35526e59701aa8675

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVISaveOptions
AVISaveOptionsFree
AVIStreamRelease
AVIFileRelease
AVIStreamWrite
AVIFileOpenA
AVIFileCreateStreamA
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileExit
AVIFileInit

msvfw32

DrawDibOpen
DrawDibClose
ord2
DrawDibDraw

shlwapi

PathRemoveFileSpecA
SHAutoComplete

winmm

PlaySoundA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose

kernel32

GetStartupInfoA
GetCommandLineA
GetACP
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
GetProfileIntA
GetProfileStringA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
VirtualProtect
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTempPathA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceTypesA
EnumResourceNamesA
GetExitCodeThread
ResetEvent
ExitThread
VirtualAlloc
GetFileAttributesA
lstrcatA
GetModuleFileNameA
WriteFile
lstrlenA
lstrcpyA
ReadFile
GetFileSize
CreateFileA
GetTickCount
GetLastError
CreateProcessA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
DeleteFileA
MoveFileA
CreateDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
InterlockedDecrement
GetQueuedCompletionStatus
OutputDebugStringA
InterlockedExchange
CancelIo
VirtualQueryEx
ReadProcessMemory
TerminateProcess
GetModuleHandleA
SizeofResource
LockResource
LoadResource
FindResourceA
ExitProcess
GetSystemDirectoryA
GetCurrentDirectoryA
LocalSize
LocalReAlloc
lstrcmpA
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetVersion
InterlockedIncrement
FormatMessageA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
SetLastError
MulDiv
GetCurrentThread
SetThreadPriority
SuspendThread
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileAttributesA
SetErrorMode
HeapFree
HeapAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetDriveTypeA

user32

GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
CreateMenu
GetMenuStringA
InsertMenuA
FillRect
IntersectRect
GetIconInfo
CreatePopupMenu
GetActiveWindow
SetWindowTextW
LockWindowUpdate
GetFocus
GetDesktopWindow
DestroyIcon
MessageBeep
InflateRect
SystemParametersInfoA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetScrollBarInfo
ShowScrollBar
DrawIconEx
GetKeyState
GetWindowLongA
SetWindowLongA
SetWindowContextHelpId
MapDialogRect
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
DestroyMenu
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
LoadStringA
WinHelpA
IsChild
GetMenuState
GetSystemMenu
AppendMenuA
CheckMenuRadioItem
SetClassLongA
ClipCursor
DestroyCursor
DeleteMenu
CharNextA
EnableMenuItem
GetMenuItemCount
CheckMenuItem
GetDlgCtrlID
SetWindowPos
SendMessageTimeoutA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
GetParent
ClientToScreen
AdjustWindowRectEx
GrayStringA
DrawTextA
TabbedTextOutA
RedrawWindow
LoadImageA
SetParent
ReleaseDC
IsIconic
GetSystemMetrics
DrawIcon
SetFocus
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
LoadIconA
EnableWindow
SendMessageA
InvalidateRect
SetRect
UnregisterClassA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetClipboardFormatNameA
GetAsyncKeyState
IsWindowUnicode
GetWindowLongW
SetWindowLongW
DrawEdge
GetDoubleClickTime
SetCursorPos
UnionRect
GetMenuDefaultItem
SetWindowRgn
GetCursor
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
PostQuitMessage
ShowOwnedPopups
PostThreadMessageA
InvertRect
RegisterClipboardFormatA
IsClipboardFormatAvailable
GetTabbedTextExtentA
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
GetDialogBaseUnits
GetClassNameA
IsRectEmpty
FindWindowA
IsZoomed
GetMenuStringW
LookupIconIdFromDirectoryEx
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetWindowRgn
HideCaret
ShowCaret
IsMenu
GetMenuItemInfoA
CreateIconIndirect
CreateIconFromResourceEx
DrawFrameControl
DrawAnimatedRects
EnumChildWindows
SetMenuDefaultItem
WaitMessage
MapVirtualKeyA
ValidateRect
DrawFocusRect
DrawStateA
MessageBoxA
wsprintfA
PostMessageA
PtInRect
GetWindowRect
GetCursorPos
GetSubMenu
LoadMenuA
GetWindow
GetDlgItemTextA
GetSysColor
SetTimer
LoadCursorA
EqualRect
IsWindow
CopyIcon
UpdateWindow
SetCursor
WindowFromPoint
ScreenToClient
IsWindowVisible
GetClientRect
LoadBitmapA
GetDC
OffsetRect
CopyRect
SetCapture
ReleaseCapture
GetCapture
KillTimer

gdi32

Polygon
GetTextAlign
CreateDIBitmap
SetPixel
GetCurrentObject
GetDIBits
PtInRegion
EnumFontFamiliesExA
GetBitmapBits
ExtCreateRegion
GetRgnBox
CreatePolygonRgn
RoundRect
Polyline
GetViewportOrgEx
ExtFloodFill
Ellipse
SetBrushOrgEx
StrokePath
FillPath
CloseFigure
GetTextExtentPoint32W
ExtTextOutW
GetTextExtentPointA
GetWindowOrgEx
GetTextColor
CopyMetaFileA
GetTextMetricsA
GetCharWidthA
CreateFontIndirectA
CombineRgn
SetRectRgn
CreateRectRgnIndirect
PatBlt
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
ExtSelectClipRgn
CreateRectRgn
GetClipRgn
PolyBezierTo
GetCurrentPositionEx
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetPolyFillMode
GetStockObject
RestoreDC
SaveDC
GetClipBox
CreatePen
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
StretchBlt
StretchDIBits
CreateDIBSection
SelectObject
DeleteDC
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
LPtoDP
GetMapMode
DPtoLP
GetBkColor
BeginPath
EndPath
StrokeAndFillPath
GetTextExtentPoint32A
GetPixel
SetPixelV
PolyBezier
GetObjectA
CreateFontA
CreateBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA

shell32

DragQueryFileA
SHGetSpecialFolderPathA
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA
ShellExecuteA
DragAcceptFiles
SHGetPathFromIDListA
SHAppBarMessage
ExtractIconA
SHBrowseForFolderA
DragFinish

comctl32

ImageList_Remove
ImageList_Draw
ImageList_GetImageInfo
ImageList_Add
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA

oledlg

ord1
ord8

ole32

ReleaseStgMedium
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoInitialize
CoCreateInstance
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
CoUninitialize
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoDisconnectObject
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard

olepro32

ord253

oleaut32

OleLoadPicturePath
VariantChangeTypeEx
LoadTypeLi
SysStringLen
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VarBstrFromDate
VarDateFromStr
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData

urlmon

URLDownloadToFileA

ws2_32

inet_ntoa
getpeername
closesocket
WSACleanup
select
connect
htons
gethostbyname
ioctlsocket
socket
WSAStartup
sendto
inet_addr
listen
bind
WSAEventSelect
WSACreateEvent
WSASocketA
WSAWaitForMultipleEvents
WSAGetLastError
WSARecv
WSASend
setsockopt
WSACloseEvent
WSAIoctl
gethostname
ntohs
getsockname
shutdown
accept
WSAEnumNetworkEvents

skinh

SkinH_AttachEx
SkinH_Detach

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

imm32

ImmAssociateContext

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1484f954ff4ec9e35526e59701aa8675

Headers

File Characteristics

Imports

avifil32

msvfw32

shlwapi

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

ws2_32

skinh

wininet

imm32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rodata Size: 12KB - Virtual size: 11KB

.rotext Size: 112KB - Virtual size: 108KB

.rdata Size: 412KB - Virtual size: 408KB

.data Size: 1.5MB - Virtual size: 2.0MB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rodata
Size: 12KB - Virtual size: 11KB

.rotext
Size: 112KB - Virtual size: 108KB

.rdata
Size: 412KB - Virtual size: 408KB

.data
Size: 1.5MB - Virtual size: 2.0MB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB