
file.exe

Status: finished
Submission Time: 2024-10-19 17:29:05 +02:00
Malicious
Trojan
Spyware
Evader
LummaC, Amadey, Credential Flusher, Lumm

Comments

Tags

  • exe

Details

  • Analysis ID:
    1537802
  • API (Web) ID:
    1537802
  • Analysis Started:
    2024-10-19 17:29:06 +02:00
  • Analysis Finished:
    2024-10-19 17:41:31 +02:00
  • MD5:
    d313bd19258313aafd20436b164e808c
  • SHA1:
    189a8c243263a4b4ade6337a9c04fb146e3d0b47
  • SHA256:
    fba3ebbff6756032c1d3b1053f3d563912b44400aa143a4235dffe108de242fa
  • Technologies:

Joe Sandbox

Engine Detection Info
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 19/23

IPs


Domains


URLs


Dropped files

Name / File Type

  • C:\Users\user\1000350002\5999646804.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\num[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1000357001\1da6543c20.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1000401001\num.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1000403001\97c6eb6045.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1000406041\do.ps1
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\FZLLQ0VVX1W3FK08YM35IP182343.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\IMU7SZ0IYC01Q7JFLRVO92QDMFD.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\K9S1X32Z4VV7YP4QV4YFA7.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows