Field | Value |
---|---|
Created | 2024.07.20 20:27 |
Machine | s1_win7_x6401 |
Filename | LummaC2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 54 detected (AIDetectMalware, LummaStealer, malicious, high confidence, score, TrojanAitInject, Artemis, Unsafe, Lazy, Vikh, Attribute, HighConfidence, ccmw, YglkxfxvbwO, XPACK, YXEGSZ, Real Protect, high, Detected, ai score=82, Wacatac, Leonem, ABTrojan, YNYT, R657991, Lumma, Convagent, susgen, confidence) |
md5 | 3d2133fcf75f684b0b8d0152c8304c9b |
sha256 | 7e68cd5a60b4a11b55de891dfa4700081856afdae18fb44fcb5c62eb46d8c52f |
ssdeep | 6144:iNyGUtxP8AnCkKXly63556TF1bTjLkyblgwZcp0/BQ:iNyXnvnCAzdblup0 |
imphash | 93d38faa538d34592b2dd571bcadf806 |
impfuzzy | 12:rwxrPTkJZG5TZtJjqTleRzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:rwxzTiY173qvEQ4EPlZ4Fk/wh3MUkH |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | lumma_Stealer | Lumma Stealer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
ole32.dll
0x44080c CoCreateInstance
0x440810 CoInitializeEx
0x440814 CoInitializeSecurity
0x440818 CoSetProxyBlanket
0x44081c CoUninitialize
KERNEL32.dll
0x440824 ExitProcess
0x440828 GetCurrentProcessId
0x44082c GetCurrentThreadId
0x440830 GetLogicalDrives
0x440834 GetProcessVersion
0x440838 GetSystemDirectoryW
0x44083c GlobalLock
0x440840 GlobalUnlock
OLEAUT32.dll
0x440848 SysAllocString
0x44084c SysFreeString
0x440850 SysStringLen
0x440854 VariantClear
0x440858 VariantInit
USER32.dll
0x440860 CloseClipboard
0x440864 GetClipboardData
0x440868 GetDC
0x44086c GetSystemMetrics
0x440870 GetWindowLongW
0x440874 OpenClipboard
0x440878 ReleaseDC
GDI32.dll
0x440880 BitBlt
0x440884 CreateCompatibleBitmap
0x440888 CreateCompatibleDC
0x44088c DeleteDC
0x440890 DeleteObject
0x440894 GetCurrentObject
0x440898 GetDIBits
0x44089c GetObjectW
0x4408a0 SelectObject
EAT (Export Address Table): none