lumma | ff392b0115e88048012cd0f024d481a8e221212148345d938368e2fb48659942[.]exe

General

Target

ff392b0115e88048012cd0f024d481a8e221212148345d938368e2fb48659942.exe
Size

404KB
MD5

6b42d92e8d678e0f8708f8e4ebbb9bd4
SHA1

97bb6f04d45843b840e0c8d3ccd5fd0bbbfe7cfc
SHA256

ff392b0115e88048012cd0f024d481a8e221212148345d938368e2fb48659942
SHA512

e2327d9e50a394f4de470a0e94d7a8ad97bbe085c9e1aeceb4f5cab659a2fe85e11685ecba57505aeb7e6b524c4d20b31366fd5f3d5ab0112dac00d183e8771e
SSDEEP

6144:2i0NpXCsSiYFZezeDhsmNInpSnj7CBbHcelwWQyvP3m7hjXhnlTPmsrmqng0:2VoiYbeMe2L8+37NRlJrmqg0

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://commisionipwn.shop/api

https://stitchmiscpaew.shop/api

https://ignoracndwko.shop/api

https://grassemenwji.shop/api

https://charistmatwio.shop/api

https://basedsymsotp.shop/api

https://complainnykso.shop/api

https://preachstrwnwjw.shop/api

https://weakkysemwmns.shop/api

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff392b0115e88048012cd0f024d481a8e221212148345d938368e2fb48659942.exe

Files

ff392b0115e88048012cd0f024d481a8e221212148345d938368e2fb48659942.exe
.exe windows:6 windows x86 arch:x86

9fd5b8944ce9c3acaedc650793d4996e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
ExitProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetSystemDirectoryW
GlobalLock
GlobalUnlock

user32

CloseClipboard
GetClipboardData
GetDC
GetSystemMetrics
GetWindowInfo
GetWindowLongW
OpenClipboard
ReleaseDC

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject
StretchBlt

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

lpyk
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

9fd5b8944ce9c3acaedc650793d4996e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

gdi32

oleaut32

Sections

.text Size: 254KB - Virtual size: 253KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 21KB - Virtual size: 58KB

.reloc Size: 16KB - Virtual size: 16KB

lpyk Size: 101KB - Virtual size: 104KB

.text
Size: 254KB - Virtual size: 253KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 21KB - Virtual size: 58KB

.reloc
Size: 16KB - Virtual size: 16KB

lpyk
Size: 101KB - Virtual size: 104KB