lumma | e2781afb4f23693fb084c491eda8b890_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e2781afb4f23693fb084c491eda8b890_NeikiAnalytics.exe
Size

7.8MB
MD5

e2781afb4f23693fb084c491eda8b890
SHA1

e01246bf83018443d385379eaa98bd046f325d14
SHA256

9dd1703a136a2804991bc08b87696f55ad1c57c4cc544773df1facf505926412
SHA512

ce3d5de1d5ecdaaed41ead8b1cf9dd641b7dc8b29200c05fed386e1a058a144c7024aa29cb085d2a2b133fa52f32e5d73b19670ac84bae8f6d9c052fa24491c3
SSDEEP

98304:8WH8WHGiq2k3Ij99QpM88GGxMCAycMMMsncWEuqQWyJE+i5O5uYcmWQWZJ0a8:8WH8WHTq2ZKpkGYsq8KwImFV

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
sample	family_lumma_v4

Lumma family
lumma

Files

e2781afb4f23693fb084c491eda8b890_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cb:e1:bd:86:6f:7c:b5:c7:eb:1d:44
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/10/2022, 12:13

Not After

07/01/2026, 12:13

Subject

CN=BYK-Gardner GmbH,OU=IT,O=BYK-Gardner GmbH,L=Geretsried,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:b3:0e:24:c4:a4:41:97:e6:c3:37:63:84:12:d1:23:68:d5:98:f8
Signer

Actual PE Digest

52:b3:0e:24:c4:a4:41:97:e6:c3:37:63:84:12:d1:23:68:d5:98:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Windows-Agents\1_vsts\_work\55\s\DevelopmentTools\General\BykTools\BYKInstrumentUpdate\obj\x86\Release\BYKInstrumentUpdate.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

1a:cb:e1:bd:86:6f:7c:b5:c7:eb:1d:44Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

52:b3:0e:24:c4:a4:41:97:e6:c3:37:63:84:12:d1:23:68:d5:98:f8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 79KB - Virtual size: 79KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 512B - Virtual size: 12B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

1a:cb:e1:bd:86:6f:7c:b5:c7:eb:1d:44
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

52:b3:0e:24:c4:a4:41:97:e6:c3:37:63:84:12:d1:23:68:d5:98:f8
Signer

.text
Size: 79KB - Virtual size: 79KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 512B - Virtual size: 12B