lumma | c02bfff9532ac091c20eeb4d9b05fdf4

Sharing

Copy URL

Twitter E-mail

General

Target

c02bfff9532ac091c20eeb4d9b05fdf4
Size

587KB
MD5

c02bfff9532ac091c20eeb4d9b05fdf4
SHA1

0e0e4b11fbe839c79fa490d610fed2f1422095ed
SHA256

07af955ba6ac61b8e1efafa6c997f1defa45d377e335e2087561a4e6a43c864f
SHA512

8e436f321fd3e50e0734fd706e61814308b84458cc3bb896c033e5bb0b806a62547dcced32f0d00c3408148dac4562b02f9801ff926557b1a719c299a078c3ea
SSDEEP

6144:w3wB7Cl62aFX1hrhNEb2bBMSRWsQTpK6436aewDWzzcuJhoa8:w3w0l62aJbaSRBQd7zzNGa8

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c02bfff9532ac091c20eeb4d9b05fdf4

Files

c02bfff9532ac091c20eeb4d9b05fdf4
.exe windows:4 windows x86 arch:x86

824655a5f96354aed7103c99456cce8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
setsockopt
bind
listen
select
__WSAFDIsSet
accept
gethostbyname
shutdown
inet_addr
htons
recv
send
socket
ioctlsocket
connect
closesocket

kernel32

MapViewOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
ExitThread
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetSystemDirectoryA
GetLocalTime
MultiByteToWideChar
ReadFile
WriteFile
TransactNamedPipe
CloseHandle
CreateFileA
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
GetLastError
CreateThread
GetFileSize
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetEnvironmentVariableW
GetProcAddress
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
OpenProcess
GetModuleHandleA
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
CreateProcessA
ExpandEnvironmentStringsA
SetFileAttributesA
GetTempPathA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
GetCurrentProcess
CreatePipe
GetVersionExA
GlobalMemoryStatus
ExitProcess
WideCharToMultiByte
GetComputerNameA
DeleteFileA
GetCurrentProcessId
CopyFileA
WaitForSingleObject
CreateMutexA
MoveFileA
TerminateThread
TerminateProcess
GetLocaleInfoA
GetLogicalDrives
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetACP

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 417KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

824655a5f96354aed7103c99456cce8c

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 417KB - Virtual size: 438KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 417KB - Virtual size: 438KB