lumma | 2024-04-28_661bd0b4f3890f4cb501155bade2e8a2_floxif_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-28_661bd0b4f3890f4cb501155bade2e8a2_floxif_icedid
Size

2.1MB
MD5

661bd0b4f3890f4cb501155bade2e8a2
SHA1

fc4405237c0e846dee6cc243a1fcfc0cf7c67ec3
SHA256

c468eb3c22819e9935ba11c494d419abc0de0891a6956e497c69b0c15881547e
SHA512

73f44f8925b3b52bc0f1cce78429feacff4ec3bbf30077ba94b77bb0ce6b508f5bb725e5c55d1b102e2f24757c9ce14bac42d25a94f60a997d2f75c384aaaddc
SSDEEP

49152:MgD495bwACy7Fp3hCvc3OEE38vr+ImZY+mk:M5q8Fp3hCvc3OEHr8

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

Processes:

resource yara_rule

sample family_lumma_v4
Lumma family
lumma

resource	yara_rule
sample	family_lumma_v4

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-04-28_661bd0b4f3890f4cb501155bade2e8a2_floxif_icedid

Files

2024-04-28_661bd0b4f3890f4cb501155bade2e8a2_floxif_icedid
.exe windows:4 windows x86 arch:x86

1fd1af901e03ae691691f9a8f1a8501d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\Data\Development\Studio\Visual Studio Projects\mbregsrv\mbregsrv\Release\mbregsrv.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
RemoveDirectoryA
CreateDirectoryA
FindNextFileA
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetExitCodeProcess
CreateProcessA
SetEnvironmentVariableA
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
FindFirstFileA
FindClose
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentDirectoryA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
LocalFree
InterlockedDecrement
MulDiv
SetLastError
WaitForSingleObject
CloseHandle
GetCurrentThread
GlobalAlloc
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
RaiseException
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
lstrcmpiA
CompareStringA
CompareStringW
GetVersion
LoadResource
LockResource
SizeofResource
FindResourceA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameA
MoveFileA
DeleteFileA
MoveFileExA
GetLastError
FormatMessageA
GetComputerNameA
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesA
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTickCount
LCMapStringA

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetCapture
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
UnregisterClassA
LoadIconA
SetForegroundWindow
SetActiveWindow
KillTimer
SetTimer
IsWindowVisible
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
DdeQueryStringA
DdeGetData
DdeCreateDataHandle
GetSystemMetrics
DdeUninitialize
DdeInitializeA
DdeCreateStringHandleA
DdeNameService
FindWindowA
ShowWindow
GetParent
PostMessageA
SendMessageA
EnableWindow
wsprintfA
GetPropA

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetDeviceCaps
GetClipBox
DeleteDC
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetStockObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA

shell32

SHChangeNotify
SHFileOperationA
Shell_NotifyIconA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

getservbyport
gethostbyaddr
inet_addr
WSACleanup
WSAStartup
ntohs
gethostbyname
gethostname
closesocket
select
send
WSAGetLastError
recv
accept
listen
bind
socket
htons
htonl
shutdown
WSAAsyncSelect
sendto
recvfrom
getservbyname
inet_ntoa
connect

odbc32

ord57
ord12
ord26
ord19
ord72
ord43
ord11
ord13
ord40
ord4
ord9
ord39
ord7
ord36
ord31
ord24
ord75
ord54

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 796KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fd1af901e03ae691691f9a8f1a8501d

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

ws2_32

odbc32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 796KB - Virtual size: 794KB

.data Size: 16KB - Virtual size: 38KB

.rsrc Size: 52KB - Virtual size: 48KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 796KB - Virtual size: 794KB

.data
Size: 16KB - Virtual size: 38KB

.rsrc
Size: 52KB - Virtual size: 48KB