lumma | 2336-3-0x0000000000D10000-0x0000000001029000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2336-3-0x0000000000D10000-0x0000000001029000-memory.dmp
Size

3.1MB
MD5

d04fc7b7d37365c12054d64e7dee2996
SHA1

45ded6c79fafb83bf085fe5df5cf8955e34a0d06
SHA256

fb4dac47470d897dc3bebe50e2e221900bf86c7100ecd1e58e2d40bedd04f6af
SHA512

627495fe908a0cdc52c69a2e732f79054304c737287ed7a91f148e9fe89ccf28e7abfe3a200c63a4a99d20cbdaa5a257eb64658e96c4eeadd5903ec098da389d
SSDEEP

49152:vFIUZ0Xn4ASaAXSMeWKke5DzgXKzW7Af3A/p2:v9mXn4ASaAXSrWKbGX5MA/p2

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://clearancek.site

https://licendfilteo.site

https://spirittunek.store

https://bathdoomgaz.store

https://studennotediw.store

https://dissapoiznw.store

https://eaglepawnoy.store

https://mobbipenju.store

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2336-3-0x0000000000D10000-0x0000000001029000-memory.dmp

Files

2336-3-0x0000000000D10000-0x0000000001029000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 151KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ymfcxwvv
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qlrflohx
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE