Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
|
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
AsyncRAT | AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques. | No Attribution |
|
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body. |
|
|
AV Detection |
---|
Source: |
Avira: |
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
||
Source: |
Avira URL Cloud: |
Source: |
Avira: |
Source: |
Malware Configuration Extractor: |
||
Source: |
Malware Configuration Extractor: |
||
Source: |
Malware Configuration Extractor: |
||
Source: |
Malware Configuration Extractor: |
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link |
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
Source: |
Virustotal: |
Perma Link |
Source: |
Integrated Neural Analysis Model: |
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
Source: |
Joe Sandbox ML: |
Source: |
Code function: |
16_2_03067A10 |
Source: |
Binary or memory string: |
memstr_ab5431ce-4 |
Source: |
Static PE information: |
Source: |
HTTPS traffic detected: |
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
||
Source: |
HTTPS traffic detected: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Source: |
Code function: |
20_2_6C87FBAE |
Source: |
Code function: |
16_2_03053260 | |
Source: |
Code function: |
16_2_030672DD | |
Source: |
Code function: |
16_2_030672DD | |
Source: |
Code function: |
16_2_03067189 | |
Source: |
Code function: |
16_2_03067189 | |
Source: |
Code function: |
16_2_030691C0 | |
Source: |
Code function: |
16_2_03076F80 | |
Source: |
Code function: |
16_2_03076F80 | |
Source: |
Code function: |
16_2_03076F80 | |
Source: |
Code function: |
16_2_03076F80 | |
Source: |
Code function: |
16_2_03062E51 | |
Source: |
Code function: |
16_2_03087E80 | |
Source: |
Code function: |
16_2_03067DEB | |
Source: |
Code function: |
16_2_03067DEB | |
Source: |
Code function: |
16_2_03089C20 | |
Source: |
Code function: |
16_2_0308A479 | |
Source: |
Code function: |
16_2_0305FCB0 | |
Source: |
Code function: |
16_2_0305FCB0 | |
Source: |
Code function: |
16_2_03066CB0 | |
Source: |
Code function: |
16_2_03083CD0 | |
Source: |
Code function: |
16_2_0308B350 | |
Source: |
Code function: |
16_2_0308B350 | |
Source: |
Code function: |
16_2_0308B350 | |
Source: |
Code function: |
16_2_0306B360 | |
Source: |
Code function: |
16_2_030733B6 | |
Source: |
Code function: |
16_2_030643E5 | |
Source: |
Code function: |
16_2_03074BF0 | |
Source: |
Code function: |
16_2_03074BF0 | |
Source: |
Code function: |
16_2_03081BF0 | |
Source: |
Code function: |
16_2_03076210 | |
Source: |
Code function: |
16_2_03063A2A | |
Source: |
Code function: |
16_2_03053A80 | |
Source: |
Code function: |
16_2_030682CB | |
Source: |
Code function: |
16_2_0306B920 | |
Source: |
Code function: |
16_2_0306B920 | |
Source: |
Code function: |
16_2_03061937 | |
Source: |
Code function: |
16_2_03058960 | |
Source: |
Code function: |
16_2_03058960 | |
Source: |
Code function: |
16_2_0308B160 | |
Source: |
Code function: |
16_2_0308B160 | |
Source: |
Code function: |
16_2_0308B160 | |
Source: |
Code function: |
16_2_0307617A | |
Source: |
Code function: |
16_2_030741A0 | |
Source: |
Code function: |
16_2_0305A000 | |
Source: |
Code function: |
16_2_0306D810 | |
Source: |
Code function: |
16_2_0308B840 | |
Source: |
Code function: |
16_2_0308B840 | |
Source: |
Code function: |
16_2_03065871 | |
Source: |
Code function: |
16_2_0306E086 | |
Source: |
Code function: |
16_2_0306E086 | |
Source: |
Code function: |
16_2_03088880 | |
Source: |
Code function: |
16_2_030538D0 | |
Source: |
Code function: |
16_2_030630F6 | |
Source: |
Code function: |
16_2_030630F6 | |
Source: |
Code function: |
16_2_0308B700 | |
Source: |
Code function: |
16_2_0308B700 | |
Source: |
Code function: |
16_2_0308B700 | |
Source: |
Code function: |
16_2_0308A706 | |
Source: |
Code function: |
16_2_03086710 | |
Source: |
Code function: |
16_2_030737B6 | |
Source: |
Code function: |
16_2_03064E68 | |
Source: |
Code function: |
16_2_03064E68 | |
Source: |
Code function: |
16_2_03064E68 | |
Source: |
Code function: |
16_2_03063678 | |
Source: |
Code function: |
16_2_030666B0 | |
Source: |
Code function: |
16_2_03066EF8 | |
Source: |
Code function: |
16_2_03061D52 | |
Source: |
Code function: |
16_2_0308B5A0 | |
Source: |
Code function: |
16_2_0308B5A0 | |
Source: |
Code function: |
16_2_0308B5A0 | |
Source: |
Code function: |
16_2_03052DD0 | |
Source: |
Code function: |
16_2_03063DE6 | |
Source: |
Code function: |
16_2_030765F0 | |
Source: |
Code function: |
16_2_0306EC06 | |
Source: |
Code function: |
16_2_0305E450 |
Networking |
---|
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior | ||
Source: |
Network Connect: |
Jump to behavior |
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
||
Source: |
URLs: |
Source: |
DNS query: |
Source: |
Network traffic detected: |
Source: |
TCP traffic: |
||
Source: |
TCP traffic: |
Source: |
HTTP traffic detected: |