Setup.exe

Status: finished
Submission Time: 2025-01-07 14:34:06 +01:00
Malicious
Trojan
Spyware
Evader
LummaC

Tags

  • AutoIT
  • exe
  • LummaStealer

Details

  • Analysis ID: 1585342
  • API (Web) ID: 1585342
  • Analysis Started: 2025-01-07 14:34:07 +01:00
  • Analysis Finished: 2025-01-07 14:40:33 +01:00
  • MD5: 873f5709bf55a0aaf991044c645cf8eb
  • SHA1: feb9447ba639dff591fb3202dc2709e721e27def
  • SHA256: 633da69035ee5fe3ee2f2f006eab37321c7c127e0a5c39ecaea9a38acc5cb228

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • Detection: malicious
  • Score: 6/24

IPs

  • 104.21.80.1 (United States)
  • 185.161.251.21 (United Kingdom)
  • 104.102.49.254 (United States)

Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\811185\M.com (PE32 executable (GUI) Intel 80386, for MS Windows)