Summary | ZeroBOX

LummaC2.exe

PE32 PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: March 31, 2024, 11:14 a.m.
Completed: March 31, 2024, 11:18 a.m.
Size 290.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fd9d245c5ab2238d566259492d7e9115
SHA256 8839e1ba21fa6606dd8a69d32dd023b8a0d846fcafe32ba4e222cd558364e171
CRC32 B8E2045A
ssdeep 6144:MT/juqb7DTl9/VWccoT2B8MIRckmx3d/mv:MDjxb7xeeR2xYv
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name / Response / Post-Analysis Lookup
No hosts contacted.
IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x32000c
lummac2+0x90ce @ 0x8e90ce
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 83 46 08 ff 75 23 53 57 8d 7e 04 c7 46 0c 00 00
exception.instruction: add dword ptr [esi + 8], -1
exception.exception_code: 0xc0000005
exception.symbol: RtlLeaveCriticalSection+0x9 RtlEnterCriticalSection-0x37
exception.address: 0x1ee2279
registers.esp: 2750984
registers.edi: 2751012
registers.eax: 39
registers.ebp: 2750988
registers.edx: 32383600
registers.ebx: 2751040
registers.esi: 9519460
registers.ecx: 0
Status: 1  Return: 0  Repeated: 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1572
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00320000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
Signature: A section with a high entropy has been found
section: .data (virtual_address 0x0003c000, virtual_size 0x0000a7fc, size_of_data 0x00009800, entropy 7.156139780916412)
Bkav W32.Common.FA42D784
Lionic Trojan.Win32.Lumma.i!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojanpws.Lumma
Skyhigh BehavesLike.Win32.Generic.dh
ALYac Gen:Variant.Lazy.449542
Cylance unsafe
VIPRE Gen:Variant.Lazy.449542
Sangfor Spyware.Win32.Lazy.Vlpm
K7AntiVirus Spyware ( 005af7031 )
BitDefender Gen:Variant.Lazy.449542
K7GW Spyware ( 005af7031 )
Cybereason malicious.c5ab22
Arcabit Trojan.Lazy.D6DC06
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Spy.Agent.QLD
APEX Malicious
Avast Win32:SpywareX-gen [Trj]
Kaspersky Trojan-PSW.Win32.Lumma.vc
Alibaba TrojanSpy:Win32/SpywareX.1b50cb03
NANO-Antivirus Virus.Win32.Gen.ccmw
MicroWorld-eScan Gen:Variant.Lazy.449542
Rising Spyware.Agent!8.C6 (TFE:2:k7Bg2E47UNV)
Emsisoft Gen:Variant.Lazy.449542 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
TrendMicro TrojanSpy.Win32.LUMMASTEALER.YXEC2Z
Trapmine malicious.high.ml.score
FireEye Generic.mg.fd9d245c5ab2238d
Sophos Mal/Generic-S
Ikarus Trojan-Spy.Win32.Agent
Google Detected
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=82)
Antiy-AVL Trojan[PSW]/Win32.Lumma
Kingsoft Win32.PSWTroj.Undef.a
Gridinsoft Spy.Win32.Keylogger.sa
Microsoft Trojan:Win32/Casdet!rfn
ViRobot Trojan.Win.Z.Lazy.297472.D
ZoneAlarm Trojan-PSW.Win32.Lumma.vc
GData Gen:Variant.Lazy.449542
Varist W32/ABSpyware.ZOJB-0310
AhnLab-V3 Trojan/Win.Generic.R641439
BitDefenderTheta AI:Packer.B62796E61E
DeepInstinct MALICIOUS
VBA32 BScope.Trojan.DBadur
Malwarebytes Generic.Malware/Suspicious
TrendMicro-HouseCall TrojanSpy.Win32.LUMMASTEALER.YXEC2Z
Tencent Malware.Win32.Gencirc.1406f2fb
SentinelOne Static AI - Malicious PE