lumma | 4a418f722f21c5d757da8f37a20bc218de8e0b2cc0dacd033e2f49dead650ed2[.]exe

General

Target

4a418f722f21c5d757da8f37a20bc218de8e0b2cc0dacd033e2f49dead650ed2.exe
Size

457KB
MD5

88c431080afc2eeceef7dc50102de850
SHA1

b1778b9a6f5f1d6fb497f328b729da9c466d5459
SHA256

4a418f722f21c5d757da8f37a20bc218de8e0b2cc0dacd033e2f49dead650ed2
SHA512

b992c3d4e1794282bbb5f976c924ca02f72ea14098b36ecf51120d9dec7e38168dde66d834db60b21bf5d4c21e32ffe6cc7eaa2113144fcb0afbee448183bb6c
SSDEEP

12288:NY7Z+oCM+KAkmX+tDg7rlWamrcwUfb8Zx68kW:27Z+ob+KNmX+tD0lno3UT8bh

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://carrtychaintnyw.shop/api

https://quotamkdsdqo.shop/api

https://milldymarskwom.shop/api

https://metallygaricwo.shop/api

https://opponnentduei.shop/api

https://puredoffustow.shop/api

https://achievenmtynwjq.shop/api

https://chickerkuso.shop/api

https://trolleyrreiwn.shop/api

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a418f722f21c5d757da8f37a20bc218de8e0b2cc0dacd033e2f49dead650ed2.exe

Files

4a418f722f21c5d757da8f37a20bc218de8e0b2cc0dacd033e2f49dead650ed2.exe
.exe windows:6 windows x86 arch:x86

8a08f05f951e29daf72a243fb2aa4e67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CloseClipboard
GetClipboardData
GetDC
GetInputState
GetSystemMetrics
GetWindowLongW
OpenClipboard
ReleaseDC

kernel32

CopyFileW
ExitProcess
GetCommandLineW
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetSystemDirectoryW
GlobalLock
GlobalUnlock

ole32

CoCreateInstance
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject
StretchBlt

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

kkotb
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

8a08f05f951e29daf72a243fb2aa4e67

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

ole32

oleaut32

gdi32

Sections

.text Size: 301KB - Virtual size: 301KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 23KB - Virtual size: 59KB

.reloc Size: 18KB - Virtual size: 17KB

kkotb Size: 103KB - Virtual size: 104KB

.text
Size: 301KB - Virtual size: 301KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 23KB - Virtual size: 59KB

.reloc
Size: 18KB - Virtual size: 17KB

kkotb
Size: 103KB - Virtual size: 104KB