ScreenShot
| Created | 2024.08.11 14:29 | Machine | s1_win7_x6403 |
| Filename | 66b211924622f_LummaC2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 59 detected (AIDetectMalware, LummaStealer, Windows, Lumma, Malicious, score, Unsafe, Mint, Zard, Vhur, Genus, Attribute, HighConfidence, Artemis, Lazy, Agentb, mfxk, ccmw, l40RAgMycWH, XPACK, YXEHFZ, Real Protect, high, Detected, ai score=88, Wacatac, ZexaF, tqW@am@dg0o, BScope, TrojanPSW, Gencirc, Np7zsWAprmk, susgen, confidence) | ||
| md5 | 6796c089b30aa2e34f560a27f7d230f3 | ||
| sha256 | e5bfc88e1b74ed30d700d8c198322c04029e8db407c5f9f053a6290892b697db | ||
| ssdeep | 3072:CefSs3RBVtjrghsMMRulKGtoVQ9lX17LBW5i4CA7ciMJN/MVKfoZ278tS3hEGDFP:Ce6sYm0V8Q9ptL45AAjMJNuGl663ZN5 | ||
| imphash | d09d99a2d45d55251844f2192860ab41 | ||
| impfuzzy | 12:rwxrPTkSRGZG5TZtJjqTleIqRYzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:rwxzT/CY17piqvEQ4EPlZ4Fk/wh3MUkH | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ole32.dll
0x442810 CoCreateInstance
0x442814 CoInitializeEx
0x442818 CoInitializeSecurity
0x44281c CoSetProxyBlanket
0x442820 CoUninitialize
KERNEL32.dll
0x442828 EnterCriticalSection
0x44282c ExitProcess
0x442830 GetCurrentProcessId
0x442834 GetCurrentThreadId
0x442838 GetLogicalDrives
0x44283c GetProcessVersion
0x442840 GetSystemDirectoryW
0x442844 GlobalLock
0x442848 GlobalUnlock
0x44284c LeaveCriticalSection
OLEAUT32.dll
0x442854 SysAllocString
0x442858 SysFreeString
0x44285c SysStringLen
0x442860 VariantClear
0x442864 VariantInit
USER32.dll
0x44286c CloseClipboard
0x442870 GetClipboardData
0x442874 GetDC
0x442878 GetSystemMetrics
0x44287c GetWindowLongW
0x442880 OpenClipboard
0x442884 ReleaseDC
GDI32.dll
0x44288c BitBlt
0x442890 CreateCompatibleBitmap
0x442894 CreateCompatibleDC
0x442898 DeleteDC
0x44289c DeleteObject
0x4428a0 GetCurrentObject
0x4428a4 GetDIBits
0x4428a8 GetObjectW
0x4428ac SelectObject
EAT(Export Address Table) is none
ole32.dll
0x442810 CoCreateInstance
0x442814 CoInitializeEx
0x442818 CoInitializeSecurity
0x44281c CoSetProxyBlanket
0x442820 CoUninitialize
KERNEL32.dll
0x442828 EnterCriticalSection
0x44282c ExitProcess
0x442830 GetCurrentProcessId
0x442834 GetCurrentThreadId
0x442838 GetLogicalDrives
0x44283c GetProcessVersion
0x442840 GetSystemDirectoryW
0x442844 GlobalLock
0x442848 GlobalUnlock
0x44284c LeaveCriticalSection
OLEAUT32.dll
0x442854 SysAllocString
0x442858 SysFreeString
0x44285c SysStringLen
0x442860 VariantClear
0x442864 VariantInit
USER32.dll
0x44286c CloseClipboard
0x442870 GetClipboardData
0x442874 GetDC
0x442878 GetSystemMetrics
0x44287c GetWindowLongW
0x442880 OpenClipboard
0x442884 ReleaseDC
GDI32.dll
0x44288c BitBlt
0x442890 CreateCompatibleBitmap
0x442894 CreateCompatibleDC
0x442898 DeleteDC
0x44289c DeleteObject
0x4428a0 GetCurrentObject
0x4428a4 GetDIBits
0x4428a8 GetObjectW
0x4428ac SelectObject
EAT(Export Address Table) is none