Malicious
Classifications

Spyware

Threat Names

Lumma

Dynamic Analysis Report

Created on 2024-03-05T19:11:45+00:00

1972-56-0x0000000000400000-0x0000000000439000-memory.exe

Windows Exe (x86-32)

Remarks (1/1)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\1972-56-0x0000000000400000-0x0000000000439000-memory.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 228.00 KB
MD5 d314c8008c2501f1a34126e26aea4105
SHA1 bb401965e8bdd444d5d3247b85aec7733dd1794a
SHA256 1a3bf1ca837f04b23d7859ca14f8d52759fa867d8467aeb68eef68c958da848b
SSDeep 3072:KNu5n9Ephmo10MM7TdPoIVC8dlWgEtGJPWRtXx33ieLQsJo/9hFdkhXPwI2:KNu5nuWIMoI3aRthhLZWVhHg2
ImpHash -
PE Information
Image Base 0x00400000
Entry Point 0x0040CF3C
Size Of Code 0x00025A00
Size Of Initialized Data 0x0000E200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-04-14 00:26 (UTC+2)
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00025941 0x00025A00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.63
.rdata 0x00427000 0x0000B9FC 0x0000BA00 0x00025E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.23
.data 0x00433000 0x00001738 0x00000C00 0x00031800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.36
.00cfg 0x00435000 0x00000008 0x00000200 0x00032400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.43
.voltbl 0x00436000 0x00000034 0x00000200 0x00032600 2.21
.reloc 0x00437000 0x000018E4 0x00001A00 0x00032800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.4
YARA Matches (1)
Rule Name Rule Description Classification Score
Lumma_C2 LummaC2 Stealer Spyware 5/5