Field | Value |
---|---|
Created | 2024.03.31 11:18 |
Machine | s1_win7_x6403 |
Filename | LummaC2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (Common, Lumma, malicious, high confidence, score, Trojanpws, Lazy, unsafe, Vlpm, Attribute, HighConfidence, SpywareX, ccmw, k7Bg2E47UNV, XPACK, LUMMASTEALER, YXEC2Z, high, Detected, ai score=82, PSWTroj, Casdet, ABSpyware, ZOJB, R641439, BScope, DBadur, Gencirc, Static AI, Malicious PE, susgen, confidence, 100%) |
md5 | fd9d245c5ab2238d566259492d7e9115 |
sha256 | 8839e1ba21fa6606dd8a69d32dd023b8a0d846fcafe32ba4e222cd558364e171 |
ssdeep | 6144:MT/juqb7DTl9/VWccoT2B8MIRckmx3d/mv:MDjxb7xeeR2xYv |
imphash | 35aaf7370cf963e2b849e9d1409bfad0 |
impfuzzy | 12:oZGiJjleH4wxrPTkimzdwdV3EQg3EiA/tHqH3Q4oANt25hDLO1Uk9:Ylc4wxzTCqvEQ4EPlZ4F/wh3MUk9 |
Network IP location
Signatures (4 entries)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
Rules (2 entries)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 entries)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded)
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
  0x43b6cc ExitProcess
  0x43b6d0 GetLastError
  0x43b6d4 GetStdHandle
  0x43b6d8 GlobalLock
  0x43b6dc GlobalUnlock
ole32.dll
  0x43b6e4 CoCreateInstance
  0x43b6e8 CoInitializeEx
  0x43b6ec CoInitializeSecurity
  0x43b6f0 CoSetProxyBlanket
  0x43b6f4 CoUninitialize
OLEAUT32.dll
  0x43b6fc SysAllocString
  0x43b700 SysFreeString
  0x43b704 SysStringLen
  0x43b708 VariantClear
  0x43b70c VariantInit
USER32.dll
  0x43b714 CloseClipboard
  0x43b718 GetClipboardData
  0x43b71c GetDC
  0x43b720 GetSystemMetrics
  0x43b724 OpenClipboard
  0x43b728 ReleaseDC
GDI32.dll
  0x43b730 BitBlt
  0x43b734 CreateCompatibleBitmap
  0x43b738 CreateCompatibleDC
  0x43b73c DeleteDC
  0x43b740 DeleteObject
  0x43b744 GetCurrentObject
  0x43b748 GetDIBits
  0x43b74c GetObjectW
  0x43b750 SelectObject
  0x43b754 SelectPalette
EAT (Export Address Table): none