lumma | a8a54042f4b244083cc99dddfc75bd8824be0f2853e96240a3ed42799508556b

General

Target

a8a54042f4b244083cc99dddfc75bd8824be0f2853e96240a3ed42799508556b
Size

330KB
MD5

e32b5317a890f49c4b1259f5e44b755a
SHA1

45dc94bdd19373f8be1f0e86e156f86cf47f2e8c
SHA256

a8a54042f4b244083cc99dddfc75bd8824be0f2853e96240a3ed42799508556b
SHA512

07d5487b868851a40e645c409ef6ada58d6b0d9616dee352c20ecdef61cd82486f267a14c51286bb2999d494cb5e11b75294ac3c2d8635edad2af83a98430618
SSDEEP

6144:nnmd5cDKdP+sgD1PI9Ba5PKERdFa0ZM2/yLK4LIJStAuqdZw:nmdjdPTChGBqP5RdRZMzIJK7q

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://servicedny.site

https://authorisev.site

https://faulteyotk.site

https://dilemmadu.site

https://contemteny.site

https://goalyfeastz.site

https://opposezmny.site

https://seallysl.site

https://memberidealky.cfd

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a8a54042f4b244083cc99dddfc75bd8824be0f2853e96240a3ed42799508556b

Files

a8a54042f4b244083cc99dddfc75bd8824be0f2853e96240a3ed42799508556b
.exe windows:6 windows x86 arch:x86

d831bc9b19d321c7f80aeb924e467e59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
ExitProcess
GetCommandLineW
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetSystemDirectoryW
GlobalLock
GlobalUnlock

shell32

SHEmptyRecycleBinW
ShellExecuteW

user32

CloseClipboard
FindWindowExW
GetClipboardData
GetDC
GetForegroundWindow
GetSystemMetrics
GetWindowLongW
GetWindowThreadProcessId
IsWindowEnabled
IsWindowVisible
OpenClipboard
ReleaseDC

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
GetPixel
SelectObject
StretchBlt

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d831bc9b19d321c7f80aeb924e467e59

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

user32

ole32

gdi32

oleaut32

Sections

.text Size: 275KB - Virtual size: 275KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 25KB - Virtual size: 61KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 275KB - Virtual size: 275KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 25KB - Virtual size: 61KB

.reloc
Size: 19KB - Virtual size: 18KB