lumma | 3d24566faf58b09811d7c7f456b00a1a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

3d24566faf58b09811d7c7f456b00a1a.bin
Size

5.8MB
MD5

3d24566faf58b09811d7c7f456b00a1a
SHA1

f0796c5335b877d8968f5c8bada64dc5c25e502f
SHA256

2428cdd2b7b87cb972bb0f98d6a82e10ae7e864f1cf15307d3c6e8c562409b25
SHA512

997d30697a27fd48efe6483f2a202ad2ebfc2dcb1373eb6b1a0d1a877c178bdba85382b39a0c84d90545f4b5cb364e9c063357973cab0df5f3c94cc71c85bb64
SSDEEP

98304:oe0iVp/nRl1ZFcNnRlnpAzbkA22Lx7thzSenZBZxnDa+KWChmx4N:oe0iVp/1ZFctnpI22dnDZxOqChL

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d24566faf58b09811d7c7f456b00a1a.bin

Files

3d24566faf58b09811d7c7f456b00a1a.bin
.exe windows:4 windows x86 arch:x86

f07c404b8558194a3cfe6e1521bf8eae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\WorkProject\DesProject\Gs-des 5.0.5100\HkInstall\HkSetup\Release\HkSetup.pdb

Imports

kernel32

GetFileTime
GetTickCount
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedIncrement
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalAddAtomA
GetCurrentThreadId
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindNextFileA
GetSystemTime
GetCPInfoExA
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLCID
RemoveDirectoryA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
GetTempFileNameA
MoveFileExA
GetLogicalDriveStringsA
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
SetEndOfFile
TerminateProcess
WritePrivateProfileStringA
WideCharToMultiByte
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
WriteFile
Sleep
SetFilePointer
ReadFile
GetTempPathA
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
DeleteFileA
MoveFileA
FindFirstFileA
FindClose
CreateFileA
GetFileSize
GetSystemDirectoryA
CopyFileA
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
OutputDebugStringA
CreateProcessA
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
GetSysColorBrush
wsprintfA
ReleaseCapture
SetCapture
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
MoveWindow
SetWindowTextA
IsDialogMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
DrawIcon
SendMessageA
GetDlgItem
ShowWindow
EnableWindow
AppendMenuA
GetSystemMenu
IsIconic
GetClientRect
LoadIconA
UnregisterClassA
GetSystemMetrics
MessageBoxA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
GetMenuItemID
RegisterClipboardFormatA
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
PostThreadMessageA
MapWindowPoints
SetCursor
LoadCursorA
FindWindowA
LoadImageA
CharUpperA
PostMessageA
PostQuitMessage
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
RegisterWindowMessageA

gdi32

GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
CreateBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
RectVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
StartServiceA
CloseServiceHandle
OpenServiceA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
LookupPrivilegeValueA
RegCloseKey
InitiateSystemShutdownA
ControlService
QueryServiceStatus
DeleteService
CreateServiceA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerA

shell32

ShellExecuteExA
SHGetFolderPathA
SHCreateDirectoryExA
SHChangeNotify

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StgOpenStorageOnILockBytes
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f07c404b8558194a3cfe6e1521bf8eae

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 120KB - Virtual size: 118KB

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 120KB - Virtual size: 118KB