lumma | 9dec102e0c4601aff24d7505db37dec23cad16f4c8d56b397ac399d654ef8f3eN

General

Target

9dec102e0c4601aff24d7505db37dec23cad16f4c8d56b397ac399d654ef8f3eN
Size

315KB
MD5

bd9cd6ddf4d65e04aba41806cd6a9900
SHA1

12e2ed0e8aa00f9031445b1cbb44a532a096e42e
SHA256

9dec102e0c4601aff24d7505db37dec23cad16f4c8d56b397ac399d654ef8f3e
SHA512

61eebf1cafbefbf98e24a06fb847eb9bb9fe586b24b1c02af3a1c184702d329246efa12b60a97fc0bfcd3d9fd1ff261a8b7501c8e87c1e6bbab567d70e0a4f7c
SSDEEP

6144:AltaxEbNf+tlfPQe4fbUmz97jbsIKKe9/uxFG4xv21r6iYMPR71nuyJdE1gr:uUxEbNf+TvmFbOKs6v2lhPPR71ncC

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

C2

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

Signatures

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9dec102e0c4601aff24d7505db37dec23cad16f4c8d56b397ac399d654ef8f3eN

Files

9dec102e0c4601aff24d7505db37dec23cad16f4c8d56b397ac399d654ef8f3eN
.exe windows:6 windows x86 arch:x86

71e0d6fab5f31c6d74b68ae2c05f0d5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
ExitProcess
GetCommandLineW
GetCurrentProcessId
GetCurrentThreadId
GetLogicalDrives
GetSystemDirectoryW
GlobalLock
GlobalUnlock

shell32

SHEmptyRecycleBinW
SHGetFileInfoW
SHGetSpecialFolderPathW

user32

CloseClipboard
GetClipboardData
GetDC
GetForegroundWindow
GetSystemMetrics
GetWindowLongW
OpenClipboard
ReleaseDC

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
GetPixel
SelectObject
StretchBlt

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoQueryClientBlanket
CoSetProxyBlanket
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

71e0d6fab5f31c6d74b68ae2c05f0d5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 22KB - Virtual size: 54KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 22KB - Virtual size: 54KB

.reloc
Size: 15KB - Virtual size: 15KB