lumma | 2896-3-0x00000000012A0000-0x0000000001745000-memory[.]dmp | Triage

Sharing

General

Target

2896-3-0x00000000012A0000-0x0000000001745000-memory.dmp
Size

4.6MB
MD5

af2243043c8bf2afcb6d64a50efddcf9
SHA1

1c19a4540a9d5640212aeb61a2f72c9c3211b433
SHA256

d4dfce5e59f4e84505b6b1cbee6213a64e906374a5ec101aaadc673a804b1dc1
SHA512

c49253406df3d441f15258d2a7d2313a028dd2b3746779a1736322bafdee785bc47c5c09d33b715ed2bf61ae61d77d40a47a3985c52fb64742535f30b7930259
SSDEEP

98304:UxbJB3bkIeDNrui5FXkF6DwZmFFVhqHQiKZeSkiD:B9puYXkF6+mJMH3KZeED

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://p3ar11fter.sbs

https://3xp3cts1aim.sbs

https://owner-vacat10n.sbs

https://peepburry828.sbs

https://p10tgrace.sbs

https://befall-sm0ker.sbs

https://librari-night.sbs

https://processhol.sbs

https://cook-rain.sbs

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2896-3-0x00000000012A0000-0x0000000001745000-memory.dmp

Files

2896-3-0x00000000012A0000-0x0000000001745000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 151KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fdjagobf
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fkdiseam
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE