Malicious
Classifications

Spyware

Threat Names

Lumma

File Name Category Type Verdict
C:\Users\OqXZRaykm\Desktop\dump-6543a0e7a2ea57ba5db1ac10.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 648.00 KB
MD5 8105bea466a6fa33f6a784264c93c4de
SHA1 a2eb551d3ae8085137ced193dc6e9ee709e263bf
SHA256 af400d4d0de757bd2d71cda03ba008aaa9964ffab2e6b67b8db6f1d17ecd17c3
SSDeep 12288:j9BKLU6W89lIWmpEQceEOksGw8u+NGoLAr7cvxuWaKuHSvzXTs2B:Zc46RlI1SQ3vkJlFsPcv7uyrXTh
ImpHash -
PE Information
Image Base 0x00400000
Entry Point 0x0047560C
Size Of Code 0x0008E800
Size Of Initialized Data 0x0000E600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-04-30 14:16 (UTC)
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0008E711 0x0008E800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.73
.rdata 0x00490000 0x0000BBAC 0x0000BC00 0x0008EC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.14
.data 0x0049C000 0x000017F0 0x00000C00 0x0009A800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.95
.00cfg 0x0049E000 0x00000008 0x00000200 0x0009B400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.33
.voltbl 0x0049F000 0x00000034 0x00000200 0x0009B600 2.48
.reloc 0x004A0000 0x00001BD0 0x00001C00 0x0009B800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 2.24
YARA Matches (1)
Rule Name Rule Description Classification Score
Lumma_C2 LummaC2 Stealer Spyware 5/5
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    