lumma | 1216-160-0x0000000000FB0000-0x0000000001463000-memory[.]dmp | Triage

Sharing

General

Target

1216-160-0x0000000000FB0000-0x0000000001463000-memory.dmp
Size

4.7MB
MD5

00282d21254e6385d4179ff207b847ea
SHA1

9540884294afe9a50703242bb327c062191d5d24
SHA256

eb1111d37954a60e19a496a7f86e5c7b1df6276026874338c6656a8f06e96ecf
SHA512

3a0995f3c15dcf98b8e4c244813f0ada90c85dc8778331919bfda198398ba79dd46d952c94ca0cc1ea0a75557e945502f64f99d592c8632acffaa455ae373ae3
SSDEEP

98304:u/6LpQsUeUZutJqvdbG9/ZV337jWhHfA5tT:u/ktJqvdq9/Zh37qu5tT

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://preside-comforter.sbs

https://savvy-steereo.sbs

https://copper-replace.sbs

https://record-envyp.sbs

https://slam-whipp.sbs

https://wrench-creter.sbs

https://looky-marked.sbs

https://plastic-mitten.sbs

https://hallowed-noisy.sbs

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1216-160-0x0000000000FB0000-0x0000000001463000-memory.dmp

Files

1216-160-0x0000000000FB0000-0x0000000001463000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 150KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eakxxwjz
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zpwtsegm
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE