Lumma | 379b7dfe9ebf

Classifications

Spyware

Threat Names

Mal/Generic-S Lumma

Dynamic Analysis Report

Created on 2024-03-14T13:20:12+00:00

379b7dfe9ebf657013b4d7f1840c71d3a158563c12c56f1e0b70b3f04f2daaf7.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\OqXZRaykm\Desktop\379b7dfe9ebf657013b4d7f1840c71d3a158563c12c56f1e0b70b3f04f2daaf7.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	364.00 KB
MD5	1e9fff52f83f621e6ea12004886d2fe8
SHA1	52bfa9287d4f8a6d8b219e44760d1637881e8326
SHA256	379b7dfe9ebf657013b4d7f1840c71d3a158563c12c56f1e0b70b3f04f2daaf7
SSDeep	6144:9Wl4LFa4hSjw81a3Y2xGyc3rFG676HfmB70IqmxuFlqSXS6EiP/Fm2T:9W4Rl81exXc3s676HOBxqm8HqS5M2T
ImpHash	-

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x0042C35C
Size Of Code	0x0004AE00
Size Of Initialized Data	0x0000DA00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2023-07-03 03:38 (UTC+2)

Sections (4)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00401000	0x0004ADD1	0x0004AE00	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.75
.rdata	0x0044C000	0x0000A2B4	0x0000A400	0x0004B200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.6
.data	0x00457000	0x00001912	0x00001A00	0x00055600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	2.4
.reloc	0x00459000	0x00001B08	0x00001C00	0x00057000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	2.32

YARA Matches (1)

Rule Name	Rule Description	Classification	Score	Actions
Lumma_C2	LummaC2 Stealer	Spyware	5/5	... Actions Show Ruleset Show Match

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information