Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
|
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
AsyncRAT | AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques. | No Attribution |
|
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body. |
|
|
AV Detection |
---|
Source: |
Avira: |
Source: |
URL Reputation: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
||
Source: |
Avira: |
Source: |
Malware Configuration Extractor: |
||
Source: |
Malware Configuration Extractor: |
||
Source: |
Malware Configuration Extractor: |
||
Source: |
Malware Configuration Extractor: |
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
Source: |
ReversingLabs: |
Source: |
Integrated Neural Analysis Model: |
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
Source: |
Joe Sandbox ML: |
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
||
Source: |
String decryptor: |
Source: |
Code function: |
31_2_02EC7A10 |
Source: |
Binary or memory string: |
memstr_46ba3798-7 |
Source: |
Static PE information: |
Source: |
File opened: |
Jump to behavior |
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Spreading |
---|
Source: |
System file written: |
Jump to behavior | ||
Source: |
System file written: |
Jump to behavior | ||
Source: |
System file written: |
Jump to behavior |
Source: |
Code function: |
5_2_00BA29E2 | |
Source: |
Code function: |
17_2_00EE29E2 |
Source: |
Code function: |
5_2_00BA2B8C |
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior |
Source: |
Code function: |
31_2_02EC72DD | |
Source: |
Code function: |
31_2_02EC72DD | |
Source: |
Code function: |
31_2_02EB3260 | |
Source: |
Code function: |
31_2_02EC91C0 | |
Source: |
Code function: |
31_2_02EC7189 | |
Source: |
Code function: |
31_2_02EC7189 | |
Source: |
Code function: |
31_2_02EE7E80 | |
Source: |
Code function: |
31_2_02EC2E51 | |
Source: |
Code function: |
31_2_02ED6F80 | |
Source: |
Code function: |
31_2_02ED6F80 | |
Source: |
Code function: |
31_2_02ED6F80 | |
Source: |
Code function: |
31_2_02ED6F80 | |
Source: |
Code function: |
31_2_02EE3CD0 | |
Source: |
Code function: |
31_2_02EBFCB0 | |
Source: |
Code function: |
31_2_02EBFCB0 | |
Source: |
Code function: |
31_2_02EC6CB0 | |
Source: |
Code function: |
31_2_02EEA479 | |
Source: |
Code function: |
31_2_02EE9C20 | |
Source: |
Code function: |
31_2_02EC7DEB | |
Source: |
Code function: |
31_2_02EC7DEB | |
Source: |
Code function: |
31_2_02EC82CB | |
Source: |
Code function: |
31_2_02EB3A80 | |
Source: |
Code function: |
31_2_02EC3A2A | |
Source: |
Code function: |
31_2_02ED6210 | |
Source: |
Code function: |
31_2_02EC43E5 | |
Source: |
Code function: |
31_2_02ED4BF0 | |
Source: |
Code function: |
31_2_02ED4BF0 | |
Source: |
Code function: |
31_2_02EE1BF0 | |
Source: |
Code function: |
31_2_02ED33B6 | |
Source: |
Code function: |
31_2_02ECB360 | |
Source: |
Code function: |
31_2_02EEB350 | |
Source: |
Code function: |
31_2_02EEB350 | |
Source: |
Code function: |
31_2_02EEB350 | |
Source: |
Code function: |
31_2_02EC30F6 | |
Source: |
Code function: |
31_2_02EC30F6 | |
Source: |
Code function: |
31_2_02EB38D0 | |
Source: |
Code function: |
31_2_02ECE086 | |
Source: |
Code function: |
31_2_02ECE086 | |
Source: |
Code function: |
31_2_02EE8880 | |
Source: |
Code function: |
31_2_02EC5871 | |
Source: |
Code function: |
31_2_02EEB840 | |
Source: |
Code function: |
31_2_02EEB840 | |
Source: |
Code function: |
31_2_02EBA000 | |
Source: |
Code function: |
31_2_02ECD810 | |
Source: |
Code function: |
31_2_02ED41A0 | |
Source: |
Code function: |
31_2_02EB8960 | |
Source: |
Code function: |
31_2_02EB8960 | |
Source: |
Code function: |
31_2_02EEB160 | |
Source: |
Code function: |
31_2_02EEB160 | |
Source: |
Code function: |
31_2_02EEB160 | |
Source: |
Code function: |
31_2_02ECB920 | |
Source: |
Code function: |
31_2_02ECB920 | |
Source: |
Code function: |
31_2_02EC1937 | |
Source: |
Code function: |
31_2_02EC6EF8 | |
Source: |
Code function: |
31_2_02EC66B0 | |
Source: |
Code function: |
31_2_02EC4E68 | |
Source: |
Code function: |
31_2_02EC4E68 | |
Source: |
Code function: |
31_2_02EC4E68 | |
Source: |
Code function: |
31_2_02EC3678 | |
Source: |
Code function: |
31_2_02ED37B6 | |
Source: |
Code function: |
31_2_02EEA706 | |
Source: |
Code function: |
31_2_02EEB700 | |
Source: |
Code function: |
31_2_02EEB700 | |
Source: |
Code function: |
31_2_02EEB700 | |
Source: |
Code function: |
31_2_02EE6710 | |
Source: |
Code function: |
31_2_02EBE450 | |
Source: |
Code function: |
31_2_02ECEC06 | |
Source: |
Code function: |
31_2_02EC3DE6 | |
Source: |
Code function: |
31_2_02ED65F0 | |
Source: |
Code function: |
31_2_02EB2DD0 | |
Source: |
Code function: |
31_2_02EEB5A0 | |
Source: |
Code function: |
31_2_02EEB5A0 | |
Source: |
Code function: |
31_2_02EEB5A0 | |
Source: |
Code function: |
31_2_02EC1D52 |
Networking |
---|
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior |
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
Source: |
DNS query: |
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
||
Source: |
Network traffic detected: |
Source: |
Network traffic detected: |
Source: |
TCP traffic: |
||
Source: |
TCP traffic: |
||
Source: |
TCP traffic: |
Source: |
HTTP traffic detected: |