lumma | 2512-3-0x0000000000DA0000-0x00000000010A3000-memory[.]dmp | Triage

Sharing

General

Target

2512-3-0x0000000000DA0000-0x00000000010A3000-memory.dmp
Size

3.0MB
MD5

758d6ebf0c55ff2debd23056128afe08
SHA1

7a3f5e715c46dd53c053def8c9808ba7ef50a3a3
SHA256

4703f6a2471486276da21f73ebdf3ccc16c2524acf359361efb5433f801be5de
SHA512

d3959d7cf30fe73871459e915ac6ad922f4206a98776f151735eb59a11c52bd29e6d3afc22655f416d7da7a12f9c8fddfdc6b10963117c213e49aa8c242323b0
SSDEEP

49152:LpXSM755hbqaAoqmcR9LSZiBcI9a+zPN7H:LcM73hb5AoWScBcII+zPNj

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://clearancek.site

https://licendfilteo.site

https://spirittunek.store

https://bathdoomgaz.store

https://studennotediw.store

https://dissapoiznw.store

https://eaglepawnoy.store

https://mobbipenju.store

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2512-3-0x0000000000DA0000-0x00000000010A3000-memory.dmp

Files

2512-3-0x0000000000DA0000-0x00000000010A3000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 151KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mjdezxws
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hjrgmxtn
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE