Trojan.Lumma.AO
Analysis Report
General information
| Family Name: | Trojan.Lumma.AO |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 776 |
|---|---|
| Potentially Malicious Blocks: | 328 |
| Whitelisted Blocks: | 101 |
| Unknown Blocks: | 347 |
Visual Map
[Figure: per-block classification grid; image not preserved]
- 0 - Probable Safe Block
- ? - Unknown Block
- x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Lumma.AO
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Encryption Used | |