Verdict
Malicious

Classifications
Spyware

Threat Names
Lumma, Mal/Generic-S, Mal/HTMLGen-A

Remarks (1/1)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\26422abceca3d5ce14d064e290678221.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 458.00 KB
MD5 26422abceca3d5ce14d064e290678221
SHA1 9bde1cf1e554872705cc38c9591b77b59c3aa597
SHA256 495a744f783348c8a6ef1c048ea3e62d3903b00c66e9be21bb374d59d18b682e
SSDeep 6144:PVrxFkLFRewJDAA9gJX4Lbsi0tgSh7Z2cEnMBmXgmmA5ab1v5tUmfqlJFKe7RiXI:PORRjW7dVBcTn5ab1htUKqlJFMDEt
ImpHash f4a5c656336c7917052b7f56b0f839f4
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x0043FD2C
Size Of Code 0x00062C00
Size Of Initialized Data 0x00010000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2011-12-02 14:22 (UTC+1)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00062ADC 0x00062C00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.83
.rdata 0x00464000 0x0000BC84 0x0000BE00 0x00063000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.8
.data 0x00470000 0x00002046 0x00002200 0x0006EE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.06
.'w( 0x00473000 0x00000700 0x00000800 0x00071000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.2
ucnttp 0x00474000 0x00001000 0x00001000 0x00071800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.32
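The section table above carries the usual packer tells: two sections with names that are not the compiler defaults (`.'w(` and `ucnttp`), and the small `.'w(` section is both executable and at entropy 7.2, i.e. a likely unpacking stub or encrypted code blob living outside `.text`. The script below is an added example, not VMRay's code: it transcribes the five rows and the entry point from this report and runs the structural checks an analyst applies by eye. The set of "standard" section names, the 7.0 entropy threshold and the check names are the author's assumptions.

```python
"""Section-table sanity checks for the PE summary in this report.

Added example (not VMRay's own code). SECTIONS is transcribed from the
report's 'Sections (5)' table; STANDARD_NAMES and HIGH_ENTROPY are the
author's assumptions, not values taken from the report.
"""
import re

# (name, virtual address, virtual size, raw size, raw offset, flags, entropy)
# Virtual addresses are absolute, as printed in the report (image base 0x400000).
SECTIONS = [
    (".text",  0x00401000, 0x00062ADC, 0x00062C00, 0x00000400, "CODE,EXECUTE,READ",            6.83),
    (".rdata", 0x00464000, 0x0000BC84, 0x0000BE00, 0x00063000, "INITIALIZED_DATA,READ",        5.80),
    (".data",  0x00470000, 0x00002046, 0x00002200, 0x0006EE00, "INITIALIZED_DATA,READ,WRITE",  3.06),
    (".'w(",   0x00473000, 0x00000700, 0x00000800, 0x00071000, "CODE,EXECUTE,READ",            7.20),
    ("ucnttp", 0x00474000, 0x00001000, 0x00001000, 0x00071800, "INITIALIZED_DATA,READ,WRITE",  5.32),
]
ENTRY_POINT = 0x0043FD2C  # from the report's PE Information block

# Assumption: names MSVC/MinGW emit by default; anything else deserves a look.
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".bss", ".tls", ".pdata", ".CRT", ".gfids"}
HIGH_ENTROPY = 7.0  # assumption: >= 7.0 bits/byte usually means packed or encrypted


def section_findings(sections=SECTIONS):
    """Return (section name, finding) pairs for every rule a section trips."""
    findings = []
    for name, va, vsize, rsize, roff, flags, entropy in sections:
        if not re.fullmatch(r"\.?[A-Za-z0-9_]+", name):
            findings.append((name, "section name contains non-identifier characters"))
        elif name not in STANDARD_NAMES:
            findings.append((name, "non-standard section name"))
        if entropy >= HIGH_ENTROPY:
            findings.append((name, f"high entropy {entropy:.2f}"))
        if "EXECUTE" in flags and name != ".text":
            findings.append((name, "executable section outside .text"))
        if "EXECUTE" in flags and "WRITE" in flags:
            findings.append((name, "writable and executable (RWX)"))
        if vsize > rsize:
            # Memory the loader zero-fills: a common landing zone for unpacked code.
            findings.append((name, f"virtual size 0x{vsize:X} exceeds raw size 0x{rsize:X}"))
    return findings


def entry_point_section(sections=SECTIONS, entry_point=ENTRY_POINT):
    """Name of the section that contains the entry point, or None."""
    for name, va, vsize, *_ in sections:
        if va <= entry_point < va + vsize:
            return name
    return None


if __name__ == "__main__":
    print(f"entry point 0x{ENTRY_POINT:08X} lies in {entry_point_section()}")
    for name, finding in section_findings():
        print(f"{name!r:10} {finding}")
```

On this sample the entry point resolves to `.text`, so the unusual executable section is not the first thing that runs; the memory dumps further down the report (taken at first network behaviour and at termination) are where the unpacked code should be read, not the on-disk `.text`.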
Imports (9)
KERNEL32.dll (98)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseHandle - 0x0046E774 0x0006E538 0x0006D538 0x0000008E
CompareStringW - 0x0046E778 0x0006E53C 0x0006D53C 0x000000A3
CreateFileA - 0x0046E77C 0x0006E540 0x0006D540 0x000000CB
CreateFileW - 0x0046E780 0x0006E544 0x0006D544 0x000000D3
CreateProcessW - 0x0046E784 0x0006E548 0x0006D548 0x000000EE
DecodePointer - 0x0046E788 0x0006E54C 0x0006D54C 0x00000113
DeleteCriticalSection - 0x0046E78C 0x0006E550 0x0006D550 0x0000011A
DeleteFileW - 0x0046E790 0x0006E554 0x0006D554 0x0000011F
EncodePointer - 0x0046E794 0x0006E558 0x0006D558 0x00000139
EnterCriticalSection - 0x0046E798 0x0006E55C 0x0006D55C 0x0000013D
ExitProcess - 0x0046E79C 0x0006E560 0x0006D560 0x0000016A
ExpandEnvironmentStringsW - 0x0046E7A0 0x0006E564 0x0006D564 0x0000016E
FileTimeToSystemTime - 0x0046E7A4 0x0006E568 0x0006D568 0x00000176
FindClose - 0x0046E7A8 0x0006E56C 0x0006D56C 0x00000181
FindFirstFileExW - 0x0046E7AC 0x0006E570 0x0006D570 0x00000187
FindNextFileW - 0x0046E7B0 0x0006E574 0x0006D574 0x00000198
FlushFileBuffers - 0x0046E7B4 0x0006E578 0x0006D578 0x000001AB
FreeEnvironmentStringsW - 0x0046E7B8 0x0006E57C 0x0006D57C 0x000001B6
FreeLibrary - 0x0046E7BC 0x0006E580 0x0006D580 0x000001B7
GetACP - 0x0046E7C0 0x0006E584 0x0006D584 0x000001BE
GetCPInfo - 0x0046E7C4 0x0006E588 0x0006D588 0x000001CD
GetCommandLineA - 0x0046E7C8 0x0006E58C 0x0006D58C 0x000001E2
GetCommandLineW - 0x0046E7CC 0x0006E590 0x0006D590 0x000001E3
GetComputerNameExA - 0x0046E7D0 0x0006E594 0x0006D594 0x000001E9
GetComputerNameW - 0x0046E7D4 0x0006E598 0x0006D598 0x000001EB
GetConsoleMode - 0x0046E7D8 0x0006E59C 0x0006D59C 0x00000208
GetConsoleOutputCP - 0x0046E7DC 0x0006E5A0 0x0006D5A0 0x0000020C
GetCurrentDirectoryW - 0x0046E7E0 0x0006E5A4 0x0006D5A4 0x0000021D
GetCurrentProcess - 0x0046E7E4 0x0006E5A8 0x0006D5A8 0x00000224
GetCurrentProcessId - 0x0046E7E8 0x0006E5AC 0x0006D5AC 0x00000225
GetCurrentThreadId - 0x0046E7EC 0x0006E5B0 0x0006D5B0 0x00000229
GetDriveTypeW - 0x0046E7F0 0x0006E5B4 0x0006D5B4 0x0000023C
GetEnvironmentStringsW - 0x0046E7F4 0x0006E5B8 0x0006D5B8 0x00000244
GetFileInformationByHandle - 0x0046E7F8 0x0006E5BC 0x0006D5BC 0x00000254
GetFileSizeEx - 0x0046E7FC 0x0006E5C0 0x0006D5C0 0x00000259
GetFileType - 0x0046E800 0x0006E5C4 0x0006D5C4 0x0000025B
GetFullPathNameW - 0x0046E804 0x0006E5C8 0x0006D5C8 0x00000266
GetLastError - 0x0046E808 0x0006E5CC 0x0006D5CC 0x0000026E
GetModuleFileNameA - 0x0046E80C 0x0006E5D0 0x0006D5D0 0x00000281
GetModuleFileNameW - 0x0046E810 0x0006E5D4 0x0006D5D4 0x00000282
GetModuleHandleExW - 0x0046E814 0x0006E5D8 0x0006D5D8 0x00000285
GetModuleHandleW - 0x0046E818 0x0006E5DC 0x0006D5DC 0x00000286
GetOEMCP - 0x0046E81C 0x0006E5E0 0x0006D5E0 0x000002A6
GetProcAddress - 0x0046E820 0x0006E5E4 0x0006D5E4 0x000002BD
GetProcessHeap - 0x0046E824 0x0006E5E8 0x0006D5E8 0x000002C4
GetStartupInfoW - 0x0046E828 0x0006E5EC 0x0006D5EC 0x000002E1
GetStdHandle - 0x0046E82C 0x0006E5F0 0x0006D5F0 0x000002E3
GetStringTypeW - 0x0046E830 0x0006E5F4 0x0006D5F4 0x000002E8
GetSystemTimeAsFileTime - 0x0046E834 0x0006E5F8 0x0006D5F8 0x000002FA
GetTimeZoneInformation - 0x0046E838 0x0006E5FC 0x0006D5FC 0x00000323
GetVolumeInformationW - 0x0046E83C 0x0006E600 0x0006D600 0x00000333
HeapAlloc - 0x0046E840 0x0006E604 0x0006D604 0x0000035A
HeapFree - 0x0046E844 0x0006E608 0x0006D608 0x0000035E
HeapReAlloc - 0x0046E848 0x0006E60C 0x0006D60C 0x00000361
HeapSize - 0x0046E84C 0x0006E610 0x0006D610 0x00000363
InitializeCriticalSectionAndSpinCount - 0x0046E850 0x0006E614 0x0006D614 0x00000374
InitializeSListHead - 0x0046E854 0x0006E618 0x0006D618 0x00000378
IsDebuggerPresent - 0x0046E858 0x0006E61C 0x0006D61C 0x00000394
IsProcessorFeaturePresent - 0x0046E85C 0x0006E620 0x0006D620 0x0000039B
IsValidCodePage - 0x0046E860 0x0006E624 0x0006D624 0x000003A1
K32EnumProcesses - 0x0046E864 0x0006E628 0x0006D628 0x000003AF
LCMapStringW - 0x0046E868 0x0006E62C 0x0006D62C 0x000003C7
LeaveCriticalSection - 0x0046E86C 0x0006E630 0x0006D630 0x000003D3
LoadLibraryA - 0x0046E870 0x0006E634 0x0006D634 0x000003D7
LoadLibraryExW - 0x0046E874 0x0006E638 0x0006D638 0x000003D9
LoadLibraryW - 0x0046E878 0x0006E63C 0x0006D63C 0x000003DA
MultiByteToWideChar - 0x0046E87C 0x0006E640 0x0006D640 0x00000405
PeekNamedPipe - 0x0046E880 0x0006E644 0x0006D644 0x00000436
QueryPerformanceCounter - 0x0046E884 0x0006E648 0x0006D648 0x00000461
RaiseException - 0x0046E888 0x0006E64C 0x0006D64C 0x00000477
ReadConsoleW - 0x0046E88C 0x0006E650 0x0006D650 0x00000485
ReadFile - 0x0046E890 0x0006E654 0x0006D654 0x00000488
RtlUnwind - 0x0046E894 0x0006E658 0x0006D658 0x000004E9
SetEndOfFile - 0x0046E898 0x0006E65C 0x0006D65C 0x00000526
SetEnvironmentVariableW - 0x0046E89C 0x0006E660 0x0006D660 0x0000052A
SetFilePointerEx - 0x0046E8A0 0x0006E664 0x0006D664 0x00000539
SetFileTime - 0x0046E8A4 0x0006E668 0x0006D668 0x0000053C
SetLastError - 0x0046E8A8 0x0006E66C 0x0006D66C 0x00000548
SetStdHandle - 0x0046E8AC 0x0006E670 0x0006D670 0x00000563
SetUnhandledExceptionFilter - 0x0046E8B0 0x0006E674 0x0006D674 0x00000587
Sleep - 0x0046E8B4 0x0006E678 0x0006D678 0x00000597
SystemTimeToFileTime - 0x0046E8B8 0x0006E67C 0x0006D67C 0x000005A2
SystemTimeToTzSpecificLocalTime - 0x0046E8BC 0x0006E680 0x0006D680 0x000005A3
TerminateProcess - 0x0046E8C0 0x0006E684 0x0006D684 0x000005A6
TlsAlloc - 0x0046E8C4 0x0006E688 0x0006D688 0x000005B8
TlsFree - 0x0046E8C8 0x0006E68C 0x0006D68C 0x000005B9
TlsGetValue - 0x0046E8CC 0x0006E690 0x0006D690 0x000005BA
TlsSetValue - 0x0046E8D0 0x0006E694 0x0006D694 0x000005BB
TzSpecificLocalTimeToSystemTime - 0x0046E8D4 0x0006E698 0x0006D698 0x000005C3
UnhandledExceptionFilter - 0x0046E8D8 0x0006E69C 0x0006D69C 0x000005C7
WideCharToMultiByte - 0x0046E8DC 0x0006E6A0 0x0006D6A0 0x00000618
WinExec - 0x0046E8E0 0x0006E6A4 0x0006D6A4 0x00000619
WriteConsoleW - 0x0046E8E4 0x0006E6A8 0x0006D6A8 0x0000062B
WriteFile - 0x0046E8E8 0x0006E6AC 0x0006D6AC 0x0000062C
lstrcatW - 0x0046E8EC 0x0006E6B0 0x0006D6B0 0x00000647
lstrcmpW - 0x0046E8F0 0x0006E6B4 0x0006D6B4 0x0000064A
lstrcmpiW - 0x0046E8F4 0x0006E6B8 0x0006D6B8 0x0000064D
lstrlenW - 0x0046E8F8 0x0006E6BC 0x0006D6BC 0x00000656
USER32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumDisplayDevicesA - 0x0046E900 0x0006E6C4 0x0006D6C4 0x000000FC
GetCursorPos - 0x0046E904 0x0006E6C8 0x0006D6C8 0x0000013F
GetDC - 0x0046E908 0x0006E6CC 0x0006D6CC 0x00000140
GetDesktopWindow - 0x0046E90C 0x0006E6D0 0x0006D6D0 0x00000144
GetSystemMetrics - 0x0046E910 0x0006E6D4 0x0006D6D4 0x000001C6
ReleaseDC - 0x0046E914 0x0006E6D8 0x0006D6D8 0x000002F8
SystemParametersInfoW - 0x0046E918 0x0006E6DC 0x0006D6DC 0x0000039A
wsprintfW - 0x0046E91C 0x0006E6E0 0x0006D6E0 0x000003E7
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCurrentHwProfileW - 0x0046E924 0x0006E6E8 0x0006D6E8 0x0000013C
RegCloseKey - 0x0046E928 0x0006E6EC 0x0006D6EC 0x00000268
RegEnumKeyExW - 0x0046E92C 0x0006E6F0 0x0006D6F0 0x00000287
RegOpenKeyExW - 0x0046E930 0x0006E6F4 0x0006D6F4 0x00000299
RegQueryValueExW - 0x0046E934 0x0006E6F8 0x0006D6F8 0x000002A6
GDI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BitBlt - 0x0046E93C 0x0006E700 0x0006D700 0x00000013
CreateCompatibleBitmap - 0x0046E940 0x0006E704 0x0006D704 0x00000030
CreateCompatibleDC - 0x0046E944 0x0006E708 0x0006D708 0x00000031
CreateDCW - 0x0046E948 0x0006E70C 0x0006D70C 0x00000034
DeleteDC - 0x0046E94C 0x0006E710 0x0006D710 0x00000185
DeleteObject - 0x0046E950 0x0006E714 0x0006D714 0x00000188
GetDIBits - 0x0046E954 0x0006E718 0x0006D718 0x00000281
GetObjectW - 0x0046E958 0x0006E71C 0x0006D71C 0x000002B4
SelectObject - 0x0046E95C 0x0006E720 0x0006D720 0x0000036B
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFileExistsW - 0x0046E964 0x0006E728 0x0006D728 0x00000049
WINHTTP.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinHttpCloseHandle - 0x0046E96C 0x0006E730 0x0006D730 0x00000008
WinHttpConnect - 0x0046E970 0x0006E734 0x0006D734 0x00000009
WinHttpCrackUrl - 0x0046E974 0x0006E738 0x0006D738 0x00000015
WinHttpOpen - 0x0046E978 0x0006E73C 0x0006D73C 0x00000027
WinHttpOpenRequest - 0x0046E97C 0x0006E740 0x0006D740 0x00000028
WinHttpQueryDataAvailable - 0x0046E980 0x0006E744 0x0006D744 0x0000002D
WinHttpReadData - 0x0046E984 0x0006E748 0x0006D748 0x00000031
WinHttpReceiveResponse - 0x0046E988 0x0006E74C 0x0006D74C 0x00000035
WinHttpSendRequest - 0x0046E98C 0x0006E750 0x0006D750 0x00000038
IPHLPAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetAdaptersInfo - 0x0046E994 0x0006E758 0x0006D758 0x00000044
WININET.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InternetQueryDataAvailable - 0x0046E99C 0x0006E760 0x0006D760 0x000000CA
InternetReadFile - 0x0046E9A0 0x0006E764 0x0006D764 0x000000CE
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptStringToBinaryA - 0x0046E9A8 0x0006E76C 0x0006D76C 0x000000E3
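Read as a whole, the import table tells the stealer's story before the sample runs: GDI32 `GetDesktopWindow`/`CreateCompatibleBitmap`/`BitBlt`/`GetDIBits` is a screenshot routine, `GetComputerNameW`/`GetCurrentHwProfileW`/`GetAdaptersInfo`/`EnumDisplayDevicesA`/`GetVolumeInformationW` is host fingerprinting for the victim ID, the WinHTTP set is the C2 channel, `CryptStringToBinaryA` decodes base64 (typically the C2 configuration), and `CreateProcessW`/`WinExec` give it a loader stage. The bulk of the KERNEL32 list (`GetACP`, `LCMapStringW`, `InitializeSListHead`, the heap and TLS calls) is MSVC CRT start-up noise and should not be scored. The script below is an added example, not VMRay's code: it transcribes the nine import tables in the order shown and (a) recomputes the ImpHash the way pefile does, so the value can be compared against the `ImpHash` line in this report and used for pivoting, and (b) tags capabilities from curated API groups. The capability groupings and their names are the author's assumptions about what these combinations are normally used for.

```python
"""Import-table triage for the sample in this report.

Added example, not VMRay's code. IMPORTS is transcribed from the report's
'Imports (9)' tables in listed order; CAPABILITIES is the author's assumption
about what these API groupings typically mean in an infostealer.
"""
import hashlib

IMPORTS = {  # DLL -> imported functions, in the IAT order shown in the report
    "KERNEL32.dll": (
        "CloseHandle CompareStringW CreateFileA CreateFileW CreateProcessW DecodePointer "
        "DeleteCriticalSection DeleteFileW EncodePointer EnterCriticalSection ExitProcess "
        "ExpandEnvironmentStringsW FileTimeToSystemTime FindClose FindFirstFileExW FindNextFileW "
        "FlushFileBuffers FreeEnvironmentStringsW FreeLibrary GetACP GetCPInfo GetCommandLineA "
        "GetCommandLineW GetComputerNameExA GetComputerNameW GetConsoleMode GetConsoleOutputCP "
        "GetCurrentDirectoryW GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetDriveTypeW "
        "GetEnvironmentStringsW GetFileInformationByHandle GetFileSizeEx GetFileType GetFullPathNameW "
        "GetLastError GetModuleFileNameA GetModuleFileNameW GetModuleHandleExW GetModuleHandleW GetOEMCP "
        "GetProcAddress GetProcessHeap GetStartupInfoW GetStdHandle GetStringTypeW GetSystemTimeAsFileTime "
        "GetTimeZoneInformation GetVolumeInformationW HeapAlloc HeapFree HeapReAlloc HeapSize "
        "InitializeCriticalSectionAndSpinCount InitializeSListHead IsDebuggerPresent IsProcessorFeaturePresent "
        "IsValidCodePage K32EnumProcesses LCMapStringW LeaveCriticalSection LoadLibraryA LoadLibraryExW "
        "LoadLibraryW MultiByteToWideChar PeekNamedPipe QueryPerformanceCounter RaiseException ReadConsoleW "
        "ReadFile RtlUnwind SetEndOfFile SetEnvironmentVariableW SetFilePointerEx SetFileTime SetLastError "
        "SetStdHandle SetUnhandledExceptionFilter Sleep SystemTimeToFileTime SystemTimeToTzSpecificLocalTime "
        "TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue TzSpecificLocalTimeToSystemTime "
        "UnhandledExceptionFilter WideCharToMultiByte WinExec WriteConsoleW WriteFile lstrcatW lstrcmpW "
        "lstrcmpiW lstrlenW"
    ).split(),
    "USER32.dll": ("EnumDisplayDevicesA GetCursorPos GetDC GetDesktopWindow GetSystemMetrics "
                   "ReleaseDC SystemParametersInfoW wsprintfW").split(),
    "ADVAPI32.dll": "GetCurrentHwProfileW RegCloseKey RegEnumKeyExW RegOpenKeyExW RegQueryValueExW".split(),
    "GDI32.dll": ("BitBlt CreateCompatibleBitmap CreateCompatibleDC CreateDCW DeleteDC DeleteObject "
                  "GetDIBits GetObjectW SelectObject").split(),
    "SHLWAPI.dll": ["PathFileExistsW"],
    "WINHTTP.dll": ("WinHttpCloseHandle WinHttpConnect WinHttpCrackUrl WinHttpOpen WinHttpOpenRequest "
                    "WinHttpQueryDataAvailable WinHttpReadData WinHttpReceiveResponse WinHttpSendRequest").split(),
    "IPHLPAPI.DLL": ["GetAdaptersInfo"],
    "WININET.dll": ["InternetQueryDataAvailable", "InternetReadFile"],
    "CRYPT32.dll": ["CryptStringToBinaryA"],
}

# Assumption: curated groups; CRT start-up imports are deliberately left out.
CAPABILITIES = {
    "screenshot": {"GetDesktopWindow", "GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"},
    "host_fingerprint": {"GetComputerNameW", "GetCurrentHwProfileW", "GetAdaptersInfo", "EnumDisplayDevicesA",
                         "GetVolumeInformationW", "GetSystemMetrics", "GetTimeZoneInformation", "K32EnumProcesses"},
    "http_c2": {"WinHttpOpen", "WinHttpConnect", "WinHttpOpenRequest", "WinHttpSendRequest",
                "WinHttpReceiveResponse", "WinHttpReadData", "InternetReadFile"},
    "file_discovery": {"FindFirstFileExW", "FindNextFileW", "PathFileExistsW", "ExpandEnvironmentStringsW", "GetDriveTypeW"},
    "registry_read": {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW"},
    "process_launch": {"CreateProcessW", "WinExec"},
    "dynamic_api_resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"},
    "anti_debug": {"IsDebuggerPresent"},
    "base64_decode": {"CryptStringToBinaryA"},
    "file_cleanup": {"DeleteFileW"},
}


def imphash(imports=IMPORTS):
    """ImpHash as pefile computes it: 'lib.func' pairs lowercased, the .dll/.ocx/.sys
    extension stripped from the library name, joined with commas, then MD5."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def capabilities(imports=IMPORTS, min_hits=1):
    """Map capability tag -> sorted list of imported APIs from that group,
    keeping only groups with at least min_hits matches (raise it to cut noise)."""
    present = {func for funcs in imports.values() for func in funcs}
    result = {}
    for tag, apis in CAPABILITIES.items():
        hits = sorted(apis & present)
        if len(hits) >= min_hits:
            result[tag] = hits
    return result


if __name__ == "__main__":
    print("ImpHash:", imphash(), "(compare with the ImpHash line in the report)")
    for tag, hits in capabilities().items():
        print(f"{tag:24} {', '.join(hits)}")
```

Note that the ImpHash only reproduces the report's value if the transcription order matches the binary's import directory order; a mismatch is itself useful, since it means either a transcription slip or that the report's table was re-sorted for display.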
Memory Dumps (14)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
26422abceca3d5ce14d064e290678221.exe 1 0x00400000 0x00474FFF Relevant Image False 32-bit 0x004524B5 False
buffer 1 0x0019D000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 1 0x005FF368 0x005FF3F7 First Network Behavior False 32-bit - False
buffer 1 0x005FF530 0x005FF605 First Network Behavior False 32-bit - False
buffer 1 0x005FFB50 0x005FFBCF First Network Behavior False 32-bit - False
buffer 1 0x00600460 0x006005A3 First Network Behavior False 32-bit - False
buffer 1 0x006017C0 0x0060184F First Network Behavior False 32-bit - False
buffer 1 0x00601DF0 0x00601E7D First Network Behavior False 32-bit - False
buffer 1 0x006050A0 0x00605403 First Network Behavior False 32-bit - False
buffer 1 0x00606E70 0x0060766F First Network Behavior False 32-bit - False
buffer 1 0x00608A28 0x00609827 First Network Behavior False 32-bit - False
buffer 1 0x00609830 0x00609A4F First Network Behavior False 32-bit - False
26422abceca3d5ce14d064e290678221.exe 1 0x00400000 0x00474FFF First Network Behavior False 32-bit 0x004284D0 False
26422abceca3d5ce14d064e290678221.exe 1 0x00400000 0x00474FFF Process Termination False 32-bit - False
YARA Matches (1)
Rule Name Rule Description Classification Score
Lumma_v4 Lumma Stealer version 4 Spyware 5/5
efc62a860ab3c5ae0aab60c94224ea1f5b5a3fa8e2cfef82e494846ae63fa683 Downloaded File HTML Clean
MIME Type text/html
File Size 4.62 KB
MD5 e7467b34cb76343cc6dacecc597211d0
SHA1 2d2cd24087cddc1f1bae478f146e4c168b3358e9
SHA256 efc62a860ab3c5ae0aab60c94224ea1f5b5a3fa8e2cfef82e494846ae63fa683
SSDeep 96:1j9jwIjYjUDK/D5DMF+k1rvJADh/pRsorRn9PaQxJbGD:1j9jhjYjIK/Vo+krRADh/pmorN9ieJGD
ImpHash -
Static Analysis Parser Error HTML parser encountered errors
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted
Not Available
ae36d97ef5a53fb0d258867f728036c853a87fc263ecf5aaf322c0cc524fa4b8 Downloaded File Text Clean
MIME Type text/plain
File Size 79 Bytes
MD5 f6b08ea348ea1e76a9794eea45fd705c
SHA1 f589713d0a9cd906b86ee0364ab094b53b1aa142
SHA256 ae36d97ef5a53fb0d258867f728036c853a87fc263ecf5aaf322c0cc524fa4b8
SSDeep 3:vR/M6ECZExppP3wBmAdfF7UfgHS8ZAsh:JkWExppfwldftUfgy89
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 9f5bc89c2de62d6157964f3d62491be3
SHA1 6b00a6c1cee1aeacd3e37d9b3b4009ed09a32b92
SHA256 42cccd8eff99465a4bfc5f6c8c2e179a027638eb961fece2a7c1549545c4bf1f
SSDeep 3:iVl:
ImpHash -