lumma | 2024-02-21_184f980cf03d116573538e9edbf128eb_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-21_184f980cf03d116573538e9edbf128eb_icedid
Size

5.8MB
MD5

184f980cf03d116573538e9edbf128eb
SHA1

482fe6fbce8beb323c3d59771cfe7f8c900dd6df
SHA256

b7ccccc6393f8ba969dacb5ef6cb925cbc2c8e8a9c92ccc52ca25395df225fa4
SHA512

3b1ccdd0dccf202738448a544bf031660e9587d10286b2a9b1bfc637b1e0fb003f05af1d63e933f31683ec4d6d844d98a54bc4d9535699735dda63454cd9440d
SSDEEP

98304:oe0inp/nRl1ZFcNnRlnpAzbk+2qLx7thzSenZBZxnDa+KWChmx4N:oe0inp/1ZFctnpG2qdnDZxOqChL

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-21_184f980cf03d116573538e9edbf128eb_icedid

Files

2024-02-21_184f980cf03d116573538e9edbf128eb_icedid
.exe windows:4 windows x86 arch:x86

f07c404b8558194a3cfe6e1521bf8eae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\WorkProject\DesProject\Gs-des 5.0.5100\HkInstall\HkSetup\Release\HkSetup.pdb

Imports

kernel32

GetFileTime
GetTickCount
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedIncrement
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalAddAtomA
GetCurrentThreadId
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindNextFileA
GetSystemTime
GetCPInfoExA
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLCID
RemoveDirectoryA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
GetTempFileNameA
MoveFileExA
GetLogicalDriveStringsA
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
SetEndOfFile
TerminateProcess
WritePrivateProfileStringA
WideCharToMultiByte
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
WriteFile
Sleep
SetFilePointer
ReadFile
GetTempPathA
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
DeleteFileA
MoveFileA
FindFirstFileA
FindClose
CreateFileA
GetFileSize
GetSystemDirectoryA
CopyFileA
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
OutputDebugStringA
CreateProcessA
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
GetSysColorBrush
wsprintfA
ReleaseCapture
SetCapture
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
MoveWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
DrawIcon
SendMessageA
GetDlgItem
ShowWindow
EnableWindow
AppendMenuA
GetSystemMenu
IsIconic
GetClientRect
LoadIconA
UnregisterClassA
GetSystemMetrics
MessageBoxA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
GetMenuItemID
RegisterClipboardFormatA
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
PostThreadMessageA
MapWindowPoints
SetCursor
LoadCursorA
FindWindowA
LoadImageA
CharUpperA
PostMessageA
PostQuitMessage
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
RegisterWindowMessageA

gdi32

GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
CreateBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
RectVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
StartServiceA
CloseServiceHandle
OpenServiceA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
LookupPrivilegeValueA
RegCloseKey
InitiateSystemShutdownA
ControlService
QueryServiceStatus
DeleteService
CreateServiceA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerA

shell32

ShellExecuteExA
SHGetFolderPathA
SHCreateDirectoryExA
SHChangeNotify

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StgOpenStorageOnILockBytes
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f07c404b8558194a3cfe6e1521bf8eae

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 120KB - Virtual size: 118KB

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 120KB - Virtual size: 118KB