lumma | gxtpo | Triage

General

Target

gxtpo
Size

300KB
MD5

1eea6fbf93f8061dc49607a3a1847560
SHA1

e51ba3a17d2dde90c640d2c134c89590f0161759
SHA256

0abf4fa77a2db27572d0f05cd6886bbaf1b033e30dc2b12fbe847b87b1041065
SHA512

cd6f390ce19e00cbc75adae860fa58aa8102f8e5234d7afe5948ba247fc524165de8b37c2fa93396540aea60e9ef1d3bc49b25686cc065b2ef51b5e86e85a37e
SSDEEP

6144:4xtgNKdagVVRC2iAQhj+yXkbN5WxyEULG5ABoIYLFiyUt:Ot/daiPHPyXc5WxeBo2Lt

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://spliceszongsop.shop/api

https://unseaffarignsk.shop/api

https://shepherdlyopzc.shop/api

https://upknittsoappz.shop/api

https://liernessfornicsa.shop/api

https://outpointsozp.shop/api

https://callosallsaospz.shop/api

https://lariatedzugspd.shop/api

https://indexterityszcoxp.shop/api

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gxtpo

Files

gxtpo
.exe windows:6 windows x86 arch:x86

93d38faa538d34592b2dd571bcadf806

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

kernel32

ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetProcessVersion
GetSystemDirectoryW
GlobalLock
GlobalUnlock

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

user32

CloseClipboard
GetClipboardData
GetDC
GetSystemMetrics
GetWindowLongW
OpenClipboard
ReleaseDC

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

dmu
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

93d38faa538d34592b2dd571bcadf806

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

oleaut32

user32

gdi32

Sections

.text Size: 239KB - Virtual size: 239KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 25KB - Virtual size: 61KB

.reloc Size: 18KB - Virtual size: 18KB

dmu Size: 5KB - Virtual size: 8KB

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 25KB - Virtual size: 61KB

.reloc
Size: 18KB - Virtual size: 18KB

dmu
Size: 5KB - Virtual size: 8KB