ScreenShot
| Created | 2024.06.14 13:29 | Machine | s1_win7_x6401 |
| Filename | lummac2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 60 detected (AIDetectMalware, Lumma, malicious, high confidence, score, Trojanpws, Lazy, Unsafe, Lummastealer, Vonm, Attribute, HighConfidence, Artemis, TrojanPSW, ccmw, ENeCXo0bAgH, XPACK, AMADEY, YXEFJZ, Real Protect, high, Detected, ai score=88, Casdet, ABRisk, ZGCT, R652213, RnkBend, Gencirc, Static AI, Suspicious PE, susgen, SSFF, confidence) | ||
| md5 | 6e3d83935c7a0810f75dfa9badc3f199 | ||
| sha256 | dc4f0a8e3d12c98eac09a42bd976579ccc1851056d9de447495e8be7519760ed | ||
| ssdeep | 6144:3lGhYe2gss2fHZq4uCDrgcKJCMBus902mdK/WI5O7KKKDi4G:3lGhYHh0CnYZSLP7KKKD1G | ||
| imphash | fda332609aae506e39655ec159c5e3fe | ||
| impfuzzy | 12:oZGiJjJFTleH4wxrPTkimzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:Yl1u4wxzTCqvEQ4EPlZ4Fk/wh3MUkH | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | lumma_Stealer | Lumma Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43f79c ExitProcess
0x43f7a0 GetLastError
0x43f7a4 GetLogicalDrives
0x43f7a8 GetSystemDirectoryW
0x43f7ac GlobalLock
0x43f7b0 GlobalUnlock
ole32.dll
0x43f7b8 CoCreateInstance
0x43f7bc CoInitializeEx
0x43f7c0 CoInitializeSecurity
0x43f7c4 CoSetProxyBlanket
0x43f7c8 CoUninitialize
OLEAUT32.dll
0x43f7d0 SysAllocString
0x43f7d4 SysFreeString
0x43f7d8 SysStringLen
0x43f7dc VariantClear
0x43f7e0 VariantInit
USER32.dll
0x43f7e8 CloseClipboard
0x43f7ec GetClipboardData
0x43f7f0 GetDC
0x43f7f4 GetSystemMetrics
0x43f7f8 GetWindowLongW
0x43f7fc OpenClipboard
0x43f800 ReleaseDC
GDI32.dll
0x43f808 BitBlt
0x43f80c CreateCompatibleBitmap
0x43f810 CreateCompatibleDC
0x43f814 DeleteDC
0x43f818 DeleteObject
0x43f81c GetCurrentObject
0x43f820 GetDIBits
0x43f824 GetObjectW
0x43f828 SelectObject
EAT(Export Address Table) is none
KERNEL32.dll
0x43f79c ExitProcess
0x43f7a0 GetLastError
0x43f7a4 GetLogicalDrives
0x43f7a8 GetSystemDirectoryW
0x43f7ac GlobalLock
0x43f7b0 GlobalUnlock
ole32.dll
0x43f7b8 CoCreateInstance
0x43f7bc CoInitializeEx
0x43f7c0 CoInitializeSecurity
0x43f7c4 CoSetProxyBlanket
0x43f7c8 CoUninitialize
OLEAUT32.dll
0x43f7d0 SysAllocString
0x43f7d4 SysFreeString
0x43f7d8 SysStringLen
0x43f7dc VariantClear
0x43f7e0 VariantInit
USER32.dll
0x43f7e8 CloseClipboard
0x43f7ec GetClipboardData
0x43f7f0 GetDC
0x43f7f4 GetSystemMetrics
0x43f7f8 GetWindowLongW
0x43f7fc OpenClipboard
0x43f800 ReleaseDC
GDI32.dll
0x43f808 BitBlt
0x43f80c CreateCompatibleBitmap
0x43f810 CreateCompatibleDC
0x43f814 DeleteDC
0x43f818 DeleteObject
0x43f81c GetCurrentObject
0x43f820 GetDIBits
0x43f824 GetObjectW
0x43f828 SelectObject
EAT(Export Address Table) is none