lumma | cea957d2ab409b64d233d873b6c3468d[.]virus

General

Target

cea957d2ab409b64d233d873b6c3468d.virus
Size

294KB
MD5

cea957d2ab409b64d233d873b6c3468d
SHA1

ecadd7076b0ccf50e2ae42f71ec987ecca4a5fd9
SHA256

173f0433c2baf5e0ae7a7800ca15ffdc741551fd5540553491c391de1953cf1a
SHA512

893b34a4d9008c82cc1f7d37a1b1e02e010ba719f63d0d37ba93e00739fb089c1dc22342017a99abeb6c0887f62726c3e1b8a616d84029fd5acec1c435430a31
SSDEEP

6144:Rz27/XNRnDTDt+4H4C+U0OGmKoUuta4D3wLeZNj2zK/M:RSjdlD44p+U04ltaeALINj22/M

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://upknittsoappz.shop/api

https://unseaffarignsk.shop/api

https://shepherdlyopzc.shop/api

https://liernessfornicsa.shop/api

https://outpointsozp.shop/api

https://callosallsaospz.shop/api

https://lariatedzugspd.shop/api

https://indexterityszcoxp.shop/api

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cea957d2ab409b64d233d873b6c3468d.virus

Files

cea957d2ab409b64d233d873b6c3468d.virus
.exe windows:6 windows x86 arch:x86

93d38faa538d34592b2dd571bcadf806

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

kernel32

ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetProcessVersion
GetSystemDirectoryW
GlobalLock
GlobalUnlock

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

user32

CloseClipboard
GetClipboardData
GetDC
GetSystemMetrics
GetWindowLongW
OpenClipboard
ReleaseDC

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

93d38faa538d34592b2dd571bcadf806

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

oleaut32

user32

gdi32

Sections

.text Size: 238KB - Virtual size: 238KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 25KB - Virtual size: 61KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 238KB - Virtual size: 238KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 25KB - Virtual size: 61KB

.reloc
Size: 18KB - Virtual size: 18KB