Summary | ZeroBOX

LummaC2.exe

Tags Malicious Library, UPX, Malicious Packer, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Sept. 23, 2023, 9:35 a.m.
Completed Sept. 23, 2023, 9:41 a.m.
Size 474.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c2ffa5554a8f784cca5476aa87f575e8
SHA256 de5c0ce6a181e9a308d7487caaecf33082793cddf0381efa66facfef695e7459
CRC32 2CD0C57E
ssdeep 12288:EsAA+RVy+MBlSPyJVuoBa8YyANOV5qp1L0i:E7Auy/Bl6gVJa8fJV5Yx
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check

Domains (Name | Response | Post-Analysis Lookup)
No hosts contacted.
Hosts (IP Address | Status | Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Signatures
  • Sleep-based delay: LummaC2.exe tried to sleep 202 seconds in total; the sandbox's sleep skipping reduced the real delay to 108 seconds of analysis time.
  • High-entropy section: .text (virtual address 0x00001000, virtual size 0x000665ac, raw data size 0x00066600) has entropy 6.83 bits per byte, above the 6.8 threshold used to flag compressed or encrypted sections.
  • Overall entropy of this PE file is high: score 0.865. This score is a ratio, not bits per byte; it is consistent with 0x00066600 bytes of high-entropy .text out of roughly 0x76600 bytes of section data in the 474.5KB file.
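The two entropy signatures above are cheap to reproduce, which is useful when triaging samples outside a sandbox or tuning the thresholds for your own packer heuristics. The following added example (written for this page; it is not ZeroBOX's or any vendor's code) computes Shannon entropy per section, flags sections above 6.8 bits per byte, and reports the fraction of section data that lies in flagged sections. The section layout is constructed inline to mirror the report: a 0x66600-byte pseudo-random ".text" plus 0x10000 bytes of low-entropy sections, which reproduces the 0.8648 figure; the 6.8 and 0.2 thresholds and the ratio definition are assumptions about how the sandbox scores the file, not something the report states.

```python
import math
import random
from collections import Counter

# Assumed thresholds (not stated on the report page): a section is "high
# entropy" above 6.8 bits/byte; the file is suspect when more than 20% of
# section data sits in such sections.
HIGH_ENTROPY_THRESHOLD = 6.8
HIGH_RATIO_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def analyse_sections(sections):
    """sections: iterable of (name, raw_data) pairs, e.g. from pefile's
    section.Name / section.get_data(). Returns per-section results plus the
    fraction of section bytes that belong to high-entropy sections."""
    total_bytes = 0
    high_entropy_bytes = 0
    per_section = []
    for name, data in sections:
        entropy = shannon_entropy(data)
        is_high = entropy > HIGH_ENTROPY_THRESHOLD
        total_bytes += len(data)
        if is_high:
            high_entropy_bytes += len(data)
        per_section.append((name, len(data), round(entropy, 3), is_high))
    ratio = high_entropy_bytes / total_bytes if total_bytes else 0.0
    return {
        "sections": per_section,
        "high_entropy_ratio": ratio,
        "packed_suspected": ratio > HIGH_RATIO_THRESHOLD,
    }


def build_sample():
    """Constructed section layout mimicking the report: a 0x66600-byte .text
    of pseudo-random bytes (what packed/encrypted code looks like) and two
    0x8000-byte low-entropy sections. Seeded so results are repeatable."""
    rng = random.Random(1337)
    text = bytes(rng.getrandbits(8) for _ in range(0x66600))
    rdata = b"Hello, world\x00" * (0x8000 // 13) + b"\x00" * (0x8000 % 13)
    data = b"\x00" * 0x8000
    return [(".text", text), (".rdata", rdata), (".data", data)]


if __name__ == "__main__":
    result = analyse_sections(build_sample())
    for name, size, entropy, is_high in result["sections"]:
        flag = "HIGH" if is_high else "ok"
        print(f"{name:8s} size=0x{size:08x} entropy={entropy:.3f} {flag}")
    print(f"high-entropy ratio = {result['high_entropy_ratio']:.6f}")
    print(f"packed suspected   = {result['packed_suspected']}")
```

To run this against a real file, feed `analyse_sections` the pairs `(s.Name.rstrip(b"\x00").decode(), s.get_data())` for each `s` in `pefile.PE(path).sections`; the 6.83 value reported for .text above is exactly what `shannon_entropy` returns for that section's raw data. Note that UPX-packed files normally carry UPX0/UPX1 section names, whereas this report flags a section still named .text, so the UPX YARA hit and the entropy signal should be checked against each other rather than taken as one finding.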
Antivirus results (vendor, detection name)
Bkav W32.AIDetectMalware
MicroWorld-eScan Gen:Variant.Zusy.488690
Malwarebytes Spyware.PasswordStealer
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
Cyren W32/Stealer.FM.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Spy.Agent.PRG
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Zusy.488690
Avast Win32:TrojanX-gen [Trj]
VIPRE Gen:Variant.Zusy.488690
McAfee-GW-Edition BehavesLike.Win32.Generic.gh
Trapmine malicious.high.ml.score
FireEye Generic.mg.c2ffa5554a8f784c
Emsisoft Gen:Variant.Zusy.488690 (B)
Ikarus Trojan-Spy.Win32.Agent
Antiy-AVL Trojan[Spy]/Win32.Agent
Microsoft Program:Win32/Wacapew.C!ml
Arcabit Trojan.Zusy.D774F2
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Zusy.488690
Google Detected
AhnLab-V3 Trojan/Win.Generic.R605906
BitDefenderTheta Gen:NN.ZexaF.36722.DqW@aesJbYj
ALYac Gen:Variant.Zusy.488690
MAX malware (ai score=83)
VBA32 BScope.Malware-Cryptor.Hlux
Cylance unsafe
Panda Generic Suspicious
Rising Trojan.Generic@AI.100 (RDML:aNEfWfH8vYsP7807BTTRzw)
SentinelOne Static AI - Suspicious PE
AVG Win32:TrojanX-gen [Trj]
Cybereason malicious.c0c002
DeepInstinct MALICIOUS