lumma | rnotdlokivc

General

Target

rnotdlokivc
Size

350KB
MD5

2aa52bb44dd98f49d5576eb64bee6c13
SHA1

f2add11544eb41d2858ce984586321b8b7a99d8b
SHA256

ef47c5996ef112f906427cbb974ece4d9400aa47a9f5e2edabffd4519ce5a7be
SHA512

c54650bd8fac5a068ebb5fd2a63a2fe8dfe9a54678f217fb8f0fe225e28d5cfe565e4b1d80a8bb7b4c5d315ffa87c4a41c2ef490b99c35adf606964004e3b0e7
SSDEEP

6144:gA1va1v6Hfi3WGJWawbIuO+HJGLUaTTSGECeN:HVNSruO+pyTgvN

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://enormousseop.shop/api

https://unseaffarignsk.shop/api

https://shepherdlyopzc.shop/api

https://upknittsoappz.shop/api

https://liernessfornicsa.shop/api

https://outpointsozp.shop/api

https://callosallsaospz.shop/api

https://lariatedzugspd.shop/api

https://indexterityszcoxp.shop/api

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rnotdlokivc

Files

rnotdlokivc
.exe windows:6 windows x86 arch:x86

93d38faa538d34592b2dd571bcadf806

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

kernel32

ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetProcessVersion
GetSystemDirectoryW
GlobalLock
GlobalUnlock

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

user32

CloseClipboard
GetClipboardData
GetDC
GetSystemMetrics
GetWindowLongW
OpenClipboard
ReleaseDC

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

fbrue
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

93d38faa538d34592b2dd571bcadf806

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

oleaut32

user32

gdi32

Sections

.text Size: 242KB - Virtual size: 241KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 25KB - Virtual size: 62KB

.reloc Size: 19KB - Virtual size: 18KB

fbrue Size: 52KB - Virtual size: 52KB

.text
Size: 242KB - Virtual size: 241KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 25KB - Virtual size: 62KB

.reloc
Size: 19KB - Virtual size: 18KB

fbrue
Size: 52KB - Virtual size: 52KB