lumma | Lua Injector Universe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Lua Injector Universe.zip
Size

214KB
MD5

5dbf2627d211ae2c34f84f623ca4ce07
SHA1

e59a78719fa32dc0bc5a43a05cf05bd47307dc9b
SHA256

775261ac4274392de5fef0b2054dc6656c7d4a392167cd18a9f6125d05c676ab
SHA512

329b0c126e49509bc6fdcfdd5358532543bd5afd1c39e130847087d220359baad8396d90c93b28c9c1beac520b06dafffce94e91c9dd117927e8a7435b87dd17
SSDEEP

6144:/jVSeVEuyO0r7Ya8rVuvPt8Q5GsWsbLpc3g8YIHtF:/jVfE5O0r7gkN8MGsWsbLOwK

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/Lua Injector Universe/temka.dll	family_lumma_v4

Lumma family
lumma

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Lua Injector Universe/NeutrinoAgent.dll
unpack001/Lua Injector Universe/NeutrinoInjector.exe
unpack001/Lua Injector Universe/temka.dll

Files

Lua Injector Universe.zip
.zip
Lua Injector Universe/NeutrinoAgent.dll
.dll windows:6 windows x86 arch:x86

29f4d3e01edab1123ff22cde32bbfed2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
VirtualAllocEx
CreateRemoteThread
CloseHandle
OpenThread
GetCurrentProcess
Sleep
HeapFree
LoadLibraryA
GetLastError
GetModuleHandleA
ResumeThread
FindClose
FindNextFileA
VirtualAlloc
FindFirstFileExA
VirtualFree
VirtualProtect
WriteProcessMemory
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
GetCurrentThreadId
GetCurrentProcessId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualQuery
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcessHeap
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

MessageBoxA

advapi32

CloseServiceHandle
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
__vcrt_LoadLibraryExW
memcpy
wcsstr
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memcmp
memchr
__vcrt_GetModuleFileNameW
memset
memmove
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-string-l1-1-0

strcpy_s
strcat_s

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lua Injector Universe/NeutrinoInjector.exe
.exe windows:6 windows x86 arch:x86

17e836fa6f19c09cad0325cb075329e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
VirtualProtectEx
GetThreadContext
GetProcAddress
VirtualAllocEx
LoadLibraryA
ExitProcess
ReadProcessMemory
CreateRemoteThread
CreateProcessA
VirtualFreeEx
CreateFileW
CreateFileA
GetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
VirtualAlloc
SetConsoleTitleA
VirtualFree
WriteProcessMemory
GetFileSize
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFullPathNameW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
DecodePointer
WriteConsoleW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lua Injector Universe/lua.lua
Lua Injector Universe/temka.dll
.dll windows:6 windows x86 arch:x86

0b26a122d34cbb1481fb15087d4c61dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RemoveVectoredExceptionHandler
VirtualProtect
GetCurrentProcess
VirtualAlloc
Thread32Next
Thread32First
ResumeThread
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
DeleteFileA
CloseHandle
K32GetModuleInformation
CreateThread
AddVectoredExceptionHandler
GetProcAddress
GetCurrentProcessId
WideCharToMultiByte
OpenThread
WriteConsoleW
SetEndOfFile
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
VirtualFree
VirtualQuery
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
GetProcessHeap
FreeLibrary
RtlUnwind
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ReadFile
GetDriveTypeW
GetFullPathNameW
ExitProcess
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
CompareStringW
LCMapStringW
GetCurrentDirectoryW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
CreateFileW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetFileSizeEx
HeapSize
DecodePointer

user32

MessageBeep

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29f4d3e01edab1123ff22cde32bbfed2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

17e836fa6f19c09cad0325cb075329e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 5KB - Virtual size: 4KB

0b26a122d34cbb1481fb15087d4c61dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 6KB - Virtual size: 5KB