lumma | c5a67951daab006db5083cd002a70885

Sharing

Copy URL Twitter E-mail

General

Target

c5a67951daab006db5083cd002a70885
Size

1.2MB
MD5

c5a67951daab006db5083cd002a70885
SHA1

c189aa2a8d9567df40ef15854dc0ddc90db4ec4c
SHA256

79e7de917fc2abc4c2fabeda04c004d2b6695c555be54d845f4011ccd4719ee7
SHA512

28627453084070faa4a7bcca933d84c437e13c1d440f545e020f701bd81d8a5227f11276319b4129ceb0c105fe7b8fbf804be9eac3a4ad6aefb4f2025a51bf5e
SSDEEP

6144:0jztdv0Js0+w7H67HzA+pS09G6NkMwQczcuJhojn1:stdv0Js0+w7HyHzA+pnVuzNGb

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5a67951daab006db5083cd002a70885

Files

c5a67951daab006db5083cd002a70885
.exe windows:4 windows x86 arch:x86

6e92bb8f1b912c01200e818c9ced7d51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A

ws2_32

WSAStartup
setsockopt
bind
listen
accept
WSACleanup
htons
recv
send
select
__WSAFDIsSet
socket
ioctlsocket
connect
closesocket
inet_addr

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

CreateFileMappingA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
ExitThread
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
MultiByteToWideChar
ReadFile
WriteFile
TransactNamedPipe
CloseHandle
CreateFileA
WaitForSingleObject
GetLastError
CreateEventA
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
CreateThread
GetFileSize
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetEnvironmentVariableW
GetProcAddress
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
OpenProcess
GetModuleHandleA
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
SetFileTime
GetFileTime
CreateProcessA
ExpandEnvironmentStringsA
SetFileAttributesA
GetTempPathA
GetVersionExA
CopyFileA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
GetCurrentProcess
CreatePipe
GlobalMemoryStatus
GetSystemDirectoryA
GetLocalTime
ExitProcess
WideCharToMultiByte
GetComputerNameA
DeleteFileA
GetCurrentProcessId
CreateMutexA
MoveFileA
TerminateThread
TerminateProcess
lstrcmpiA
GetLocaleInfoA
GetLogicalDrives
RtlUnwind
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
RaiseException
HeapSize
LCMapStringA
LCMapStringW

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 988KB - Virtual size: 1005KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6e92bb8f1b912c01200e818c9ced7d51

Headers

File Characteristics

Imports

mpr

ws2_32

version

kernel32

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 988KB - Virtual size: 1005KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 988KB - Virtual size: 1005KB