lumma | 41839f772e629e47c61963bf9076deae_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

41839f772e629e47c61963bf9076deae_JaffaCakes118
Size

981KB
MD5

41839f772e629e47c61963bf9076deae
SHA1

9339a161b6c6affae7d32212e92749004e1098c4
SHA256

634db57fe8adf59999f19dc5dc1bb79aac3fb12300719215d01823e09c97bd5e
SHA512

339bf80a29ceec6ec197cc9eab6983e27016a5c5ab89ba754ff997f682a6c8280c226d39882eb1f394308bd4022a5ae388b11c0a5c6103fcc41b658a461fd4a9
SSDEEP

24576:3MuqyYr6PJ1/gkpXwA0Uh3BPsZkV3+jKuPh:8IfwA0Uh3BjOjNh

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41839f772e629e47c61963bf9076deae_JaffaCakes118

Files

41839f772e629e47c61963bf9076deae_JaffaCakes118
.dll windows:6 windows x86 arch:x86

60ca22dc92ae275c653d4129ca9eeefc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GlobalUnlock
GlobalLock
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
Sleep
GetCurrentProcess
ExitProcess
CreateThread
GetTickCount
GetTickCount64
VirtualQuery
GetModuleHandleA
GetModuleHandleW
GetProcAddress
lstrlenW
GetPrivateProfileStringA
GlobalAlloc
MultiByteToWideChar
K32GetModuleInformation
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
CreateDirectoryW
GetFileAttributesExW
CreateProcessW
QueryPerformanceFrequency
WritePrivateProfileStringA
QueryPerformanceCounter
GetExitCodeProcess
WaitForSingleObject
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
OutputDebugStringW
WriteFile
HeapReAlloc
HeapFree
HeapAlloc
ReadFile
WriteConsoleW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
WideCharToMultiByte
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
SetEndOfFile

user32

GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetClientRect
SetCursorPos
ClientToScreen
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
CallWindowProcA
GetAsyncKeyState
SetWindowLongA
FindWindowA

imm32

ImmGetContext
ImmSetCompositionWindow

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

d3dx9_43

D3DXCreateTextureFromFileA
D3DXAssembleShader
D3DXCreateFontA
D3DXCreateSprite
D3DXCreateTextureFromFileInMemoryEx

ws2_32

WSACleanup
WSAStartup
gethostbyname
socket
send
recv
closesocket
connect
htons

Sections

.5ek1vo
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.9jbnj
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_MEM_READ

.n4mzj
Size: 5KB - Virtual size: 257KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mlybj
Size: 512B - Virtual size: 480B

IMAGE_SCN_MEM_READ

.foj1tq
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.uunyq
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.h7s31z
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.y9uk
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ

.7vlyd
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.f7t60z
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.aysb
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.3wikpn
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.anzvt
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60ca22dc92ae275c653d4129ca9eeefc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

imm32

wininet

d3dx9_43

ws2_32

Sections

.5ek1vo Size: 620KB - Virtual size: 620KB

.9jbnj Size: 274KB - Virtual size: 273KB

.n4mzj Size: 5KB - Virtual size: 257KB

.mlybj Size: 512B - Virtual size: 480B

.foj1tq Size: 30KB - Virtual size: 30KB

.uunyq Size: 8KB - Virtual size: 4KB

.h7s31z Size: 4KB - Virtual size: 3KB

.y9uk Size: 4KB - Virtual size: 2KB

.7vlyd Size: 4KB - Virtual size: 3KB

.f7t60z Size: 4KB - Virtual size: 2KB

.aysb Size: 8KB - Virtual size: 4KB

.3wikpn Size: 4KB - Virtual size: 1KB

.anzvt Size: 8KB - Virtual size: 4KB

.5ek1vo
Size: 620KB - Virtual size: 620KB

.9jbnj
Size: 274KB - Virtual size: 273KB

.n4mzj
Size: 5KB - Virtual size: 257KB

.mlybj
Size: 512B - Virtual size: 480B

.foj1tq
Size: 30KB - Virtual size: 30KB

.uunyq
Size: 8KB - Virtual size: 4KB

.h7s31z
Size: 4KB - Virtual size: 3KB

.y9uk
Size: 4KB - Virtual size: 2KB

.7vlyd
Size: 4KB - Virtual size: 3KB

.f7t60z
Size: 4KB - Virtual size: 2KB

.aysb
Size: 8KB - Virtual size: 4KB

.3wikpn
Size: 4KB - Virtual size: 1KB

.anzvt
Size: 8KB - Virtual size: 4KB