lumma | 2024-04-22_b6f59201751b3a73de4139c0fe055500_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-22_b6f59201751b3a73de4139c0fe055500_icedid
Size

3.9MB
MD5

b6f59201751b3a73de4139c0fe055500
SHA1

f0c346edf4a2e51bb39be2d57edec66bc68fce6f
SHA256

9af5db571671ea199129a8fdc6cb51217e7656b776be9f60402ef01085e289bb
SHA512

74266bf6840984a3cc3f0384c19048fc16a716ea27141f1d0c955778825122e4617842e656d117edee666a4c6362f7bde0cd7662971cee8c8e205220606297ec
SSDEEP

49152:ZEXGeBsHHSdorG9xgX3oICanZCWKiM1nOn6ckEo3D0PPoe9D1sf8g:ZEWmWrGsX3oxQZjM1nOnS3D0PAaY8g

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

Processes:

resource yara_rule

sample family_lumma_v4

resource	yara_rule
sample	family_lumma_v4

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-04-22_b6f59201751b3a73de4139c0fe055500_icedid

Files

2024-04-22_b6f59201751b3a73de4139c0fe055500_icedid
.exe windows:4 windows x86 arch:x86

bb5b5ba3e1eed749630702b2141a1cd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
ioctlsocket
connect
inet_addr
WSAGetLastError
ntohl
htonl
closesocket
send
recv
__WSAFDIsSet
select
getsockopt
listen
bind
accept
getsockname
WSASetLastError
ntohs
WSACleanup
WSAStartup
gethostbyname
htons

kernel32

TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
GetFileTime
SetErrorMode
WritePrivateProfileStringA
FindResourceExA
RtlUnwind
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GlobalFlags
GetLocalTime
GetSystemTimeAsFileTime
RaiseException
HeapReAlloc
RemoveDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetStartupInfoA
GetCommandLineA
ExitThread
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
VirtualProtect
lstrlenW
GetCurrentThread
GetTickCount
GetProfileIntA
GetThreadLocale
GetFullPathNameA
FindFirstFileA
UnlockFile
LockFile
DuplicateHandle
lstrcmpA
SuspendThread
SetThreadPriority
ResumeThread
FileTimeToLocalFileTime
InterlockedIncrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
CreateProcessA
SetThreadExecutionState
GetVolumeInformationW
CompareFileTime
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetSystemInfo
InterlockedDecrement
GetComputerNameA
FindResourceA
SizeofResource
LoadResource
LockResource
GetCurrentDirectoryA
GetACP
GetSystemDefaultLangID
GetVolumeInformationA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcpynA
CreateThread
SleepEx
ReadFile
CreateDirectoryA
CopyFileW
MoveFileA
LocalAlloc
SetLastError
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
SetFileAttributesW
FlushFileBuffers
DeviceIoControl
GetCurrentThreadId
TerminateProcess
GetUserDefaultLangID
SetEvent
lstrlenA
SetFileAttributesA
DeleteFileA
GetWindowsDirectoryW
lstrcmpiA
GetLocaleInfoA
GetDriveTypeW
GetVersion
GetCurrentProcessId
MoveFileW
RemoveDirectoryW
GetSystemTime
SystemTimeToFileTime
SetFileTime
LoadLibraryW
MoveFileExW
GetModuleHandleA
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
lstrcatA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetSystemDirectoryW
DeleteFileW
GetWindowsDirectoryA
GetVersionExA
GetExitCodeProcess
CreateFileA
GetCurrentProcess
CreateProcessW
GetModuleFileNameW
CreateEventA
WaitForMultipleObjects
ResetEvent
GlobalAlloc
GlobalFree
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
CreateMutexA
OpenMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetSystemDirectoryA
GetModuleFileNameA
GetFileAttributesA
CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GlobalSize
GlobalLock
GlobalUnlock
GetFileAttributesW
GetLastError
FormatMessageA
LocalFree
WideCharToMultiByte
MultiByteToWideChar
MulDiv
ExitProcess
GetProfileStringA
GetTimeZoneInformation

user32

IsRectEmpty
InflateRect
CharUpperA
IsClipboardFormatAvailable
ValidateRect
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
IsDialogMessageA
GetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetFocus
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
IsChild
WinHelpA
GetClassInfoA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
CallWindowProcA
GetMessageTime
GetLastActivePopup
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetParent
GetActiveWindow
DrawFrameControl
SetRect
SystemParametersInfoW
DrawStateA
DeleteMenu
DrawTextW
DrawIconEx
IntersectRect
GetSysColorBrush
FillRect
FrameRect
PeekMessageA
LockWindowUpdate
ModifyMenuA
UnionRect
ClientToScreen
WindowFromPoint
SetDlgItemTextA
GetWindowTextLengthW
CopyIcon
SetFocus
DestroyIcon
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
IsWindowEnabled
SetCursorPos
GetClassNameA
CreateDialogParamW
CreateDialogParamA
SetPropA
GetPropA
DefWindowProcA
CreateWindowExA
SetWindowLongA
RegisterClassA
DefDlgProcA
DestroyWindow
GetWindowLongA
GetWindowDC
BeginPaint
EndPaint
SetDlgItemTextW
RegisterWindowMessageA
RegisterClipboardFormatA
RemoveMenu
DrawFocusRect
GetMessagePos
ScreenToClient
LoadCursorA
SetCursor
EqualRect
GetCapture
ReleaseCapture
SetCapture
CreatePopupMenu
AppendMenuW
SystemParametersInfoA
GetKeyState
ModifyMenuW
TrackPopupMenu
IsIconic
GetSystemMetrics
DrawIcon
OffsetRect
EnableMenuItem
SetClipboardViewer
CheckMenuItem
LoadImageW
LoadImageA
DestroyMenu
ChangeClipboardChain
GetMenu
EnumWindows
SetForegroundWindow
IsWindowVisible
wsprintfW
SendMessageW
LoadBitmapA
GetMenuItemCount
GetMenuItemID
GetSubMenu
AppendMenuA
GetDCEx
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
PostThreadMessageA
GetAsyncKeyState
SetRectEmpty
MapDialogRect
SetActiveWindow
SetWindowContextHelpId
CheckMenuRadioItem
GetCursorPos
PtInRect
GetClientRect
ReleaseDC
CopyRect
FindWindowA
GetWindowThreadProcessId
MsgWaitForMultipleObjects
SetParent
KillTimer
SetTimer
InvalidateRect
wsprintfA
PostMessageA
GetForegroundWindow
ExitWindowsEx
MessageBeep
ShowWindow
GetWindowTextLengthA
MoveWindow
GetWindowTextA
MessageBoxW
GetWindowTextW
GetWindowRect
CreateWindowExW
SetWindowPos
SetWindowTextW
SetWindowTextA
DefWindowProcW
GetDesktopWindow
MessageBoxA
GetDlgItem
GetSysColor
GetDlgCtrlID
LoadStringA
IsWindow
SendMessageA
GetWindow
GetDC
EnableWindow
LoadIconA
IsWindowUnicode
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
RemovePropA

gdi32

SetWindowExtEx
GetTextColor
GetBkColor
EnumFontFamiliesExA
CopyMetaFileA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetCharWidthA
StretchDIBits
CombineRgn
SetRectRgn
CreateRectRgnIndirect
PatBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
IntersectClipRect
ExcludeClipRect
LPtoDP
DPtoLP
TranslateCharsetInfo
GetTextMetricsA
CreateCompatibleBitmap
DeleteObject
SelectObject
StretchBlt
BitBlt
DeleteDC
GetStockObject
CreateCompatibleDC
GetDIBits
SelectClipRgn
CreateDIBSection
CreateSolidBrush
GetTextExtentPoint32W
GetTextExtentPoint32A
GetObjectA
GetTextExtentPointA
CreateDIBitmap
CreateFontIndirectA
GetDeviceCaps
CreateFontA
SetViewportOrgEx
RestoreDC
SaveDC
CreateBitmap
GetClipBox
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
CreateFontIndirectW
GetMapMode
SetMapMode
ScaleWindowExtEx

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameW

advapi32

CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegFlushKey
RegCreateKeyExW
GetUserNameW
RegLoadKeyA
RegRestoreKeyA
GetUserNameA
RegSaveKeyA
OpenSCManagerA
OpenServiceA
RegCloseKey
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueA

shell32

SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconA
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHFileOperationA
ShellExecuteW
FindExecutableW
ShellExecuteExA
ShellExecuteExW
SHGetFileInfoW
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_Add
ImageList_Remove
ord17
ord8
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_Draw
ImageList_DragEnter
ImageList_GetIcon
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

oledlg

ord8

ole32

CoTaskMemFree
OleUninitialize
CreateStreamOnHGlobal
CoRevokeClassObject
CoInitialize
CoUninitialize
CoSetProxyBlanket
OleGetClipboard
CoRegisterClassObject
CoGetObject
StringFromGUID2
CoCreateInstance
ReleaseStgMedium
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
RevokeDragDrop
CoLockObjectExternal
OleInitialize
RegisterDragDrop

olepro32

ord251
ord253

oleaut32

SysAllocString
SysAllocStringByteLen
VariantTimeToSystemTime
VariantChangeType
VariantCopy
VariantInit
VariantClear
LoadTypeLibEx
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
LoadTypeLi
SysStringLen
SysAllocStringLen
SysFreeString

wininet

InternetSetCookieA
InternetGetCookieA
InternetCrackUrlA
InternetCanonicalizeUrlA
GetUrlCacheEntryInfoW
InternetCanonicalizeUrlW
InternetCombineUrlA

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb5b5ba3e1eed749630702b2141a1cd0

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 444KB - Virtual size: 440KB

.data Size: 200KB - Virtual size: 223KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 444KB - Virtual size: 440KB

.data
Size: 200KB - Virtual size: 223KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB