Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Avira: detected |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Malware Configuration Extractor: LummaC {"C2 url": ["outpointsozp.shop", "upknittsoappz.shop", "negotationpxczp.shop", "liernessfornicsa.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "callosallsaospz.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop"], "Build id": "RKiJ2s--new1"} |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
ReversingLabs: Detection: 23% |
Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 95.5% probability |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: indexterityszcoxp.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: lariatedzugspd.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: callosallsaospz.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: outpointsozp.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: liernessfornicsa.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: upknittsoappz.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: shepherdlyopzc.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: unseaffarignsk.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: negotationpxczp.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: TeslaBrowser/5.5 |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: - Screen Resoluton: |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: - Physical Installed Memory: |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: Workgroup: - |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String decryptor: RKiJ2s--new1 |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: Malware configuration extractor |
URLs: outpointsozp.shop |
Source: Malware configuration extractor |
URLs: upknittsoappz.shop |
Source: Malware configuration extractor |
URLs: negotationpxczp.shop |
Source: Malware configuration extractor |
URLs: liernessfornicsa.shop |
Source: Malware configuration extractor |
URLs: shepherdlyopzc.shop |
Source: Malware configuration extractor |
URLs: unseaffarignsk.shop |
Source: Malware configuration extractor |
URLs: callosallsaospz.shop |
Source: Malware configuration extractor |
URLs: indexterityszcoxp.shop |
Source: Malware configuration extractor |
URLs: lariatedzugspd.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: section name: `.rdat |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: section name: @.data |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: No import functions for PE file found |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC size: 0xe8000500 address: 0x0 |
Source: classification engine |
Classification label: mal100.troj.evad.winEXE@0/0@0/0 |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: real checksum: 0x4 should be: 0x586ad |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
Static PE information: section name: .relo |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: indexterityszcoxp.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: lariatedzugspd.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: callosallsaospz.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: outpointsozp.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: liernessfornicsa.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: upknittsoappz.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: shepherdlyopzc.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: unseaffarignsk.shop |
Source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe |
String found in binary or memory: negotationpxczp.shop |
Source: Yara match |
File source: decrypted.binstr, type: MEMORYSTR |
Source: Yara match |
File source: 1729664799fd841a8c62d4c43fb7c0c48211664bfbdd95dbdc2c99de2ed0cddefff2ee8a7e983.dat-decoded.exe, type: SAMPLE |