Created | 2025.01.08 13:47 | Machine | s1_win7_x6401 |
---|---|---|---|
Filename | LummaC2.exe | | |
Type | PE32 executable (GUI) Intel 80386, for MS Windows | | |
AI Score | Not found | Behavior Score | |
ZERO API | file : clean | | |
VT API (file) | 51 detected (AIDetectMalware, LummaStealer, Malicious, score, Artemis, Unsafe, Mint, Zard, Vzmj, confidence, 100%, GenusT, EGWX, Attribute, HighConfidence, high confidence, Convagent, TrojanPSW, LummaC, ccmw, 4GhwlW5QpOO, Lumma, Real Protect, high, Static AI, Malicious PE, Detected, 11VMAPP, Eldorado, R686935, BScope, Genetic, Gencirc) | | |
md5 | e05271b0cfba06ea6333a1f006edd129 | | |
sha256 | 84adf7ea7a1e5dfa1de268f754ec9e80d45a1e0ae055a6d2e139ffd7f822f7b7 | | |
ssdeep | 6144:+eGlkYytRzWO72BJkaLweWTKG8rWkXYh6n5HtYPq/n0Cae5bfF6Lk9HWVqBPEo2b:FYuR6O723kaLnMh653xQLkBWVqBco2to | | |
imphash | 71e0d6fab5f31c6d74b68ae2c05f0d5a | | |
impfuzzy | 24:ULO317ZttlZ4izFk/wh39Ukxk/wxcTCq1EQ4ED:U6317ZflZ40Fk/h2ksZQD | | |
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
KERNEL32.dll
0x443d0c CreateProcessW
0x443d10 ExitProcess
0x443d14 GetCommandLineW
0x443d18 GetCurrentProcessId
0x443d1c GetCurrentThreadId
0x443d20 GetLogicalDrives
0x443d24 GetSystemDirectoryW
0x443d28 GlobalLock
0x443d2c GlobalUnlock
SHELL32.dll
0x443d34 SHEmptyRecycleBinW
0x443d38 SHGetFileInfoW
0x443d3c SHGetSpecialFolderPathW
USER32.dll
0x443d44 CloseClipboard
0x443d48 GetClipboardData
0x443d4c GetDC
0x443d50 GetForegroundWindow
0x443d54 GetSystemMetrics
0x443d58 GetWindowLongW
0x443d5c OpenClipboard
0x443d60 ReleaseDC
GDI32.dll
0x443d68 BitBlt
0x443d6c CreateCompatibleBitmap
0x443d70 CreateCompatibleDC
0x443d74 CreateDIBSection
0x443d78 DeleteDC
0x443d7c DeleteObject
0x443d80 GetCurrentObject
0x443d84 GetDIBits
0x443d88 GetObjectW
0x443d8c GetPixel
0x443d90 SelectObject
0x443d94 StretchBlt
ole32.dll
0x443d9c CoCreateInstance
0x443da0 CoInitializeEx
0x443da4 CoInitializeSecurity
0x443da8 CoQueryClientBlanket
0x443dac CoSetProxyBlanket
0x443db0 CoUninitialize
OLEAUT32.dll
0x443db8 SysAllocString
0x443dbc SysFreeString
0x443dc0 VariantClear
0x443dc4 VariantInit
EAT (Export Address Table): none