lumma | 320-3-0x0000000000860000-0x0000000000B6C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

320-3-0x0000000000860000-0x0000000000B6C000-memory.dmp
Size

3.0MB
MD5

cb71bcf12a0f12419d2c90f2e98ce6e0
SHA1

b59c89962e745e64b652c9a2c610e48a9e7783c0
SHA256

e3e3d0ba0ca21b98bbd55ba148a2e473d1604da1895b7638dc7ea40ec02aa036
SHA512

43d06bc9388fe54c536b79e2ab138d072956a87131d149c9835661ad53104ae7db570c5a6e1cf56e5f2ef6bf13c12b55ebb2002df5fc6d807001b90bb002417a
SSDEEP

49152:Mu8dq2tPV7C2/uSr+Vz7+3AOs2v9cOt1EeTUMfwPI:MuV25V7C2/uSra7+3vn9fXE0BeI

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://clearancek.site

https://licendfilteo.site

https://spirittunek.store

https://bathdoomgaz.store

https://studennotediw.store

https://dissapoiznw.store

https://eaglepawnoy.store

https://mobbipenju.store

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
320-3-0x0000000000860000-0x0000000000B6C000-memory.dmp

Files

320-3-0x0000000000860000-0x0000000000B6C000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 151KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bzzvcean
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nbvlzpdv
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE