LummaC2.exe

First submission 2024-10-15 21:51:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 316.0 KB (323584 bytes)
Compile time: 2024-09-02 11:44:39
MD5: 87c2c610a32dd244906df802d9263577
SHA1: 9dee5dd7ac0b4d968d68e1f2c92aebc4487d37aa
SHA256: a6c9f6f28fbd610e67f591aea2724d4ac3c8265f23d6d8dccf45c2ec8c18c9fc
Import Hash: 9fd5b8944ce9c3acaedc650793d4996e
Sections: 4 (.text, .rdata, .data, .reloc)
Directories: 2 (import, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 59/77 (VT report date: 2024-10-09 02:03:03)
Malware Type: 2 (trojan, spyware)
Threat Type: 3 (lummastealer, lumma, mint)

URLs, FQDN and IP indicators (1)

URL Host (FQDN/IP) Date Added
hXXp://193.233.203.37/moon/LummaC2.exe 193.233.203.37 2024-10-15 21:51:02

PE Sections (0 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x41f81 270336 cb192f08e7040903413c61dd19fa5b09eea90648 e356a56210717c52bea5eaa653d5528b
.rdata 0x43000 0x289d 10752 ef153ee69580a7bb53a74edc104b66d91720cbe6 a4720c9e2939c4ccd344bc4d8688f199
.data 0x46000 0xf0d4 23552 5ac19a3827d8887ca157988d305c92449ddd52df 2f7f783074c02c99e63594f65cc55ece
.reloc 0x56000 0x44d8 17920 b77031f5f7ada024aced4795556ca7f5f78a9651 bafab7e5f6b3229f2aaf874dff5b91fe

Strings analysis - File found

Library
OLEAUT32.dll
USER32.dll
GDI32.dll
ole32.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
u888.exe 2024-08-29 08:16:02 f4d6d6ea62cb666b6fee9d00bdb77350
yr68.exe 2024-08-31 16:12:02 ea321922de9babb9a9b8e25bed931ff6
tqh64.exe 2024-09-03 17:24:01 2d8bfa12ffd53e578028edae844e7611
ywp.exe 2024-09-04 21:43:02 6a9213568bc6a19895240ff14fd57329