lumma | payload_1[.]exe

General

Target

payload_1.exe
Size

310KB
MD5

94e103ae9b552491fa34cc4ba60f46a5
SHA1

31707126c6c3d8d675bd1a95e340cb06bcab4c92
SHA256

4c019a8be0aa02e0ff10e3678b33760dda0a6d68f320113b6cf34c03e6c78caa
SHA512

9d81e25ebb40358c0ce152ea31717aeef79e6862c3642b292b0cce439ba876a0b4a6ae52a5165741dc6e1189e6e9678bf317a4a5197cf70be2ebcf19d12ce10e
SSDEEP

6144:6VRQAZtRvszZ32HTH6R70gXDVxD7TEca5ExE4wKR+5r:6VGAZtls92HLwfEP5EK45Ry

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://smallelementyjdui.shop/api

https://sofaprivateawarderysj.shop/api

https://lineagelasserytailsd.shop/api

https://tendencyportionjsuk.shop/api

https://headraisepresidensu.shop/api

https://appetitesallooonsj.shop/api

https://minorittyeffeoos.shop/api

https://prideconstituiiosjk.shop/api

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
payload_1.exe

Files

payload_1.exe
.exe windows:6 windows x86 arch:x86

2d05f25bcaf5848849812d4fbc9bd796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetConsoleWindow
GetLastError
GetStdHandle
GlobalLock
GlobalUnlock

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

user32

CloseClipboard
GetClipboardData
GetDC
GetSystemMetrics
GetWindowInfo
OpenClipboard
ReleaseDC

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject
SelectPalette

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2d05f25bcaf5848849812d4fbc9bd796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

gdi32

Sections

.text Size: 243KB - Virtual size: 243KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 36KB - Virtual size: 72KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 243KB - Virtual size: 243KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 36KB - Virtual size: 72KB

.reloc
Size: 19KB - Virtual size: 19KB