Behavioral task: behavioral1
Sample: 2496-3-0x0000000000D50000-0x0000000001069000-memory.exe
Resource: win7-20240729-en
General
Target: 2496-3-0x0000000000D50000-0x0000000001069000-memory.dmp
Size: 3.1MB
MD5: 10b5457125373f7c49a9be84bbe8ae3c
SHA1: efc3e477d5ab15eb09d13da1bcdd82f2036d1010
SHA256: 4e6ea18cc7592d660cecdddff3cb8ead95c2adb979aff261cd532583438e4ff7
SHA512: b0faee5f9d24de82a761f34747386fcf34ee91b6ef404ffc7fd345cd3c32379aae2e74e162f66ccc0bde7a515b106d5b736198344a8c6442e6dd9f4629caf94f
SSDEEP: 49152:uAn1cxUSyLWbb8HNXLaeIPOcBRn2fdbscVnIvl9Q:u4cxUSySbbSaekOcfadbM
Malware Config
Extracted
lumma
Signatures
Lumma family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2496-3-0x0000000000D50000-0x0000000001069000-memory.dmp
Files
2496-3-0x0000000000D50000-0x0000000001069000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 151KB - Virtual size: 372KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kcahiyrj Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rlffckzb Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE