Verdict Malicious
Classifications Spyware
Threat Names Lumma C2/Generic-A, Mal/Generic-S, Mal/HTMLGen-A +1

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\LummaC2.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 320.62 KB
MD5 b19c64028b9b064d1251832fdfd37632
SHA1 550f70196d211126f4a93b15daf05729ae9d6e26
SHA256 c80f852db4f73aae745217744490bbc3553a2bdf5fe0327159c788c1b04578ae
SSDeep 6144:a3VUD8LkbASEQJYMm+l0s0UddmR6ZPcF3tVOTjoBwS0vE:auDYkbAtQJ30udEyPq3iTjo2L
ImpHash 9afa74f09d19900a85844b7a585219b4
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x00408730
Size Of Code 0x00044C00
Size Of Initialized Data 0x0000B200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2025-01-02 20:58 (UTC+1)
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00044B02 0x00044C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.62
.rdata 0x00446000 0x000023EB 0x00002400 0x00045000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.9
.data 0x00449000 0x0000D57C 0x00005200 0x00047400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.48
.reloc 0x00457000 0x00003C00 0x00003C00 0x0004C600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.52
Imports (6)
KERNEL32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateProcessW - 0x00448044 0x00047F84 0x00046F84 0x000000E8
CreateThread - 0x00448048 0x00047F88 0x00046F88 0x000000F6
ExitProcess - 0x0044804C 0x00047F8C 0x00046F8C 0x00000162
GetCommandLineW - 0x00448050 0x00047F90 0x00046F90 0x000001DB
GetCurrentProcessId - 0x00448054 0x00047F94 0x00046F94 0x0000021C
GetCurrentThreadId - 0x00448058 0x00047F98 0x00046F98 0x00000220
GetLogicalDrives - 0x0044805C 0x00047F9C 0x00046F9C 0x0000026C
GlobalLock - 0x00448060 0x00047FA0 0x00046FA0 0x00000344
GlobalUnlock - 0x00448064 0x00047FA4 0x00046FA4 0x0000034B
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFileInfoW - 0x0044806C 0x00047FAC 0x00046FAC 0x0000014A
SHGetSpecialFolderPathW - 0x00448070 0x00047FB0 0x00046FB0 0x0000016E
USER32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseClipboard - 0x00448078 0x00047FB8 0x00046FB8 0x0000004F
GetClipboardData - 0x0044807C 0x00047FBC 0x00046FBC 0x00000134
GetDC - 0x00448080 0x00047FC0 0x00046FC0 0x00000140
GetForegroundWindow - 0x00448084 0x00047FC4 0x00046FC4 0x00000157
GetSystemMetrics - 0x00448088 0x00047FC8 0x00046FC8 0x000001C6
GetWindowLongW - 0x0044808C 0x00047FCC 0x00046FCC 0x000001E6
OpenClipboard - 0x00448090 0x00047FD0 0x00046FD0 0x00000298
ReleaseDC - 0x00448094 0x00047FD4 0x00046FD4 0x000002F7
GDI32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BitBlt - 0x0044809C 0x00047FDC 0x00046FDC 0x00000013
CreateCompatibleBitmap - 0x004480A0 0x00047FE0 0x00046FE0 0x00000030
CreateCompatibleDC - 0x004480A4 0x00047FE4 0x00046FE4 0x00000031
CreateDIBSection - 0x004480A8 0x00047FE8 0x00046FE8 0x00000037
DeleteDC - 0x004480AC 0x00047FEC 0x00046FEC 0x00000183
DeleteObject - 0x004480B0 0x00047FF0 0x00046FF0 0x00000186
GetCurrentObject - 0x004480B4 0x00047FF4 0x00046FF4 0x00000276
GetDIBits - 0x004480B8 0x00047FF8 0x00046FF8 0x0000027D
GetObjectW - 0x004480BC 0x00047FFC 0x00046FFC 0x000002B0
GetPixel - 0x004480C0 0x00048000 0x00047000 0x000002B7
SelectObject - 0x004480C4 0x00048004 0x00047004 0x00000367
StretchBlt - 0x004480C8 0x00048008 0x00047008 0x000003A3
ole32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance - 0x004480D0 0x00048010 0x00047010 0x00000028
CoInitializeEx - 0x004480D4 0x00048014 0x00047014 0x0000005E
CoInitializeSecurity - 0x004480D8 0x00048018 0x00047018 0x0000005F
CoQueryClientBlanket - 0x004480DC 0x0004801C 0x0004701C 0x0000006D
CoSetProxyBlanket - 0x004480E0 0x00048020 0x00047020 0x00000084
CoTaskMemAlloc - 0x004480E4 0x00048024 0x00047024 0x00000088
CoUninitialize - 0x004480E8 0x00048028 0x00047028 0x0000008E
OLEAUT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocString 0x00000002 0x004480F0 0x00048030 0x00047030 -
SysFreeString 0x00000006 0x004480F4 0x00048034 0x00047034 -
VariantClear 0x00000009 0x004480F8 0x00048038 0x00047038 -
VariantInit 0x00000008 0x004480FC 0x0004803C 0x0004703C -
Memory Dumps (6)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
lummac2.exe 1 0x00B20000 0x00B7AFFF Relevant Image False 32-bit 0x00B5D5C0 False
buffer 1 0x0018D000 0x0018FFFF First Network Behavior False 32-bit - False
buffer 1 0x006EB6F0 0x006ED6EF First Network Behavior False 32-bit - False
buffer 1 0x006EFDC8 0x006F5317 First Network Behavior False 32-bit - False
lummac2.exe 1 0x00B20000 0x00B7AFFF First Network Behavior False 32-bit 0x00B2C147 False
lummac2.exe 1 0x00B20000 0x00B7AFFF Process Termination False 32-bit - False
YARA Matches (1)
Rule Name Rule Description Classification Score
Lumma_Custom_Base64 Lumma custom base64 decoding Spyware 5/5
1dace9de2bf30a9453fd1fae07c9d240ec48967b4793b34e2fbb71bb7ca37bec Downloaded File HTML Clean
MIME Type text/html
File Size 34.74 KB
MD5 0c0b16ebe6f125e02e89dfd019316649
SHA1 fc2c8e84ca31f1969e69a72dc08ea8b762635f76
SHA256 1dace9de2bf30a9453fd1fae07c9d240ec48967b4793b34e2fbb71bb7ca37bec
SSDeep 768:75pq/Ku4HmBC5ReOpznzQlF5aXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJYM2y:758/Ku4HmBC5ReOpzna5aXfsW9l+X9hd
ImpHash -
Static Analysis Parser Error HTML parser encountered errors
Extracted URLs (67)
URL WHOIS Data Reputation Status Recursively Submitted
(The URL values themselves are not present in this extract. The Reputation Status column shows Malicious for 3 of the 67 URLs and Not Available for the remaining 64.)
7f29b056124c7a85c5c0d5fb2b9547c6bf83d8f43511a3269fedacc4dd63b618 Downloaded File Text Clean
MIME Type text/plain
File Size 18.39 KB
MD5 a2cc9aca4ac31b7be717017b5d18c6e1
SHA1 1934cfdbe18171d7dd955223b7d4d01aeef6a057
SHA256 7f29b056124c7a85c5c0d5fb2b9547c6bf83d8f43511a3269fedacc4dd63b618
SSDeep 384:6P3IbwCmpB7+Zp4PbgOcQ+44hTXnETIIqH1Rw2FaK2uZQOGhucvwz:s3oIB7+ZSjgOF+5r8IxH1xzjUocvo
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\YRKX5IGJCF4P03CKFEXRY9XNOZU.ps1 Downloaded File HTML Clean
MIME Type text/html
File Size 4.34 KB
MD5 d9675f4cfe188b1e63aae376621c76b7
SHA1 b4e1b788e6f534ccb36ea168c8833752ac23eddc
SHA256 3b0b56cd764b880cbdfe90b00237d5330f032cb48d15b461d468bb4847cd5aaa
SSDeep 48:5q41lJM8WOxEj4/wPsAG4oevjKEcXrCnBBkpBxVGLrGWQSTw2wptI8Id6Pu:5hPA5jKEcXrCnTkpBxFTnx/ICu
ImpHash -
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted
(The URL value itself is not present in this extract; its Reputation Status is Not Available.)
69bbc9fad95f03816f05ffe503c5f44b9639dc3289c26cf778bbab09b49f2d8e Downloaded File Stream Clean
MIME Type application/octet-stream
File Size 1.49 KB
MD5 6d1cebdb3d09cdadddc402843bfa1d8e
SHA1 3b64362fa591aacd6e6fd4a4804ae9ec08cd3787
SHA256 69bbc9fad95f03816f05ffe503c5f44b9639dc3289c26cf778bbab09b49f2d8e
SSDeep 24:B+QUX+1+QE+kq+U3p+XtTvxbeXYPvMk9nXYxnnQAZ6j8SoUfgxkv3RxCLYb:sWiTvxbeqvMkVXYxnnQG+8SoU4W4Q
ImpHash -
eb6a7ba3ea1096e334f36ad552418a169fe41270e20b974b5606da78da745438 Downloaded File Text Clean
MIME Type text/plain
File Size 120 Bytes
MD5 33a1fad47278c99da11ae624794d5c5a
SHA1 f4bad649dc198afaf8bfae73b76c995fcbd4d0fc
SHA256 eb6a7ba3ea1096e334f36ad552418a169fe41270e20b974b5606da78da745438
SSDeep 3:wr9lX3CIz3fHWpQQGrVy0Q/AnjaFSyKc6jri4F:wZZH3PIIVbnjaKcy
ImpHash -
6113445002625a377f23b4b3cae970f91ee4283887b6ab19eb886456e525b425 Downloaded File Text Clean
MIME Type text/plain
File Size 85 Bytes
MD5 be77016a67225509274f5036b63f6566
SHA1 239e0c04793113194f7c4d2415a6533f1ddb8f98
SHA256 6113445002625a377f23b4b3cae970f91ee4283887b6ab19eb886456e525b425
SSDeep 3:vRYR69RrJMboIqDITSDCSAlRjdoZdzUdK:JYR8Rt4oIqySUnoZGw
ImpHash -
ce528fdc5093be3f3184ffaf605c38bbaf0c892d57570e1e18e5ca2f5661be84 Downloaded File Text Clean
MIME Type text/plain
File Size 50 Bytes
MD5 914a38b2ceb29bb952b187bf52b00fe6
SHA1 8b4af0c96b80e3dd7e7343ea3106904320c2d5e7
SHA256 ce528fdc5093be3f3184ffaf605c38bbaf0c892d57570e1e18e5ca2f5661be84
SSDeep 3:vR/M6ECJMboIqDITSDY:Jk84oIqySE
ImpHash -
04339c5b1cd2339b03ffd50bc302c17f6c3ea7a39abbe96dd4ea5ad6d9796764 Downloaded File Text Clean
MIME Type text/plain
File Size 8 Bytes
MD5 faf57b74d4f3a37d109433c62e0d0fbd
SHA1 b844716b8f45b1069bb05a63c94df160aeb7bfba
SHA256 04339c5b1cd2339b03ffd50bc302c17f6c3ea7a39abbe96dd4ea5ad6d9796764
SSDeep 3:vRFc:Je
ImpHash -
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Downloaded File Text Clean
Known to be clean.
MIME Type text/plain
File Size 2 Bytes
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
SSDeep 3:V:V
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.