lumma | 2520f2c7cc5cccbf212f77e4f133cf8d05af45ec7bc8dbdfc69833c8a435a562[.]exe

General

Target

2520f2c7cc5cccbf212f77e4f133cf8d05af45ec7bc8dbdfc69833c8a435a562.exe
Size

431KB
MD5

dd7758e209919b85f4ea0225a86f908d
SHA1

7ce44c6aaf28b3eeaa84127c9b142c5031f1ade5
SHA256

2520f2c7cc5cccbf212f77e4f133cf8d05af45ec7bc8dbdfc69833c8a435a562
SHA512

ac25cdf3fc4e4a520e213dd33e866f388c918554e063bafa2490d6a34002cfb4837e5c14dc28146d6cd637dacf0e923553863bb1203adf2dfa7db59d0aa493e9
SSDEEP

12288:oU6FHzARtfIpkZnbzMFAHVEVyGROIEFkZVM:+zARtfAkNzYGOVVOzyM

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://tryyudjasudqo.shop/api

https://eemmbryequo.shop/api

https://reggwardssdqw.shop/api

https://relaxatinownio.shop/api

https://tesecuuweqo.shop/api

https://tendencctywop.shop/api

https://licenseodqwmqn.shop/api

https://keennylrwmqlw.shop/api

https://giffrooypwm.shop/api

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2520f2c7cc5cccbf212f77e4f133cf8d05af45ec7bc8dbdfc69833c8a435a562.exe

Files

2520f2c7cc5cccbf212f77e4f133cf8d05af45ec7bc8dbdfc69833c8a435a562.exe
.exe windows:6 windows x86 arch:x86

8a08f05f951e29daf72a243fb2aa4e67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CloseClipboard
GetClipboardData
GetDC
GetInputState
GetSystemMetrics
GetWindowLongW
OpenClipboard
ReleaseDC

kernel32

CopyFileW
ExitProcess
GetCommandLineW
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetSystemDirectoryW
GlobalLock
GlobalUnlock

ole32

CoCreateInstance
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject
StretchBlt

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

lsry
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

8a08f05f951e29daf72a243fb2aa4e67

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

ole32

oleaut32

gdi32

Sections

.text Size: 272KB - Virtual size: 272KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 25KB - Virtual size: 61KB

.reloc Size: 18KB - Virtual size: 18KB

lsry Size: 103KB - Virtual size: 104KB

.text
Size: 272KB - Virtual size: 272KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 25KB - Virtual size: 61KB

.reloc
Size: 18KB - Virtual size: 18KB

lsry
Size: 103KB - Virtual size: 104KB