lumma | 2656-63-0x00000000021B0000-0x00000000028C6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2656-63-0x00000000021B0000-0x00000000028C6000-memory.dmp
Size

7.1MB
MD5

91b853d3b04f68969387122242a0ca07
SHA1

d474bf59fc455d83f09871d263361d94db5efe58
SHA256

f337b32cdbeded1dd464b4598dcc46a90a39e5c713f97dbbe83fe38d26c627a9
SHA512

58bf944e5ee082a5e3085e657ed13c4720dc17049102846e5efc250b87cc0aebdae0193ad021a2697b82112ebe64106ee5a2d7e4a8706e213718e54065d9b4d5
SSDEEP

98304:DwwxfxPt0wRsncNYNLhIHA3GdKv36w20wulbaswGLRFglSTGhlma7ZdimR7rxm0W:DwSPKw3NY3vKU1BbV5GCaD/hmeT

Score

10^/10

lumma

Malware Config

Extracted

Family

lumma

C2

gstatic-node.io

Signatures

Detect Lumma Stealer payload V2 1 IoCs

resource	yara_rule
sample	family_lumma_V2

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2656-63-0x00000000021B0000-0x00000000028C6000-memory.dmp

Files

2656-63-0x00000000021B0000-0x00000000028C6000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.[Gd
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.+>+
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.W_3
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ