Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Malware Configuration Extractor: LummaC {"C2 url": ["tendencctywop.shop", "keennylrwmqlw.shop", "licenseodqwmqn.shop", "tryyudjasudqo.shop", "tesecuuweqo.shop", "eemmbryequo.shop", "relaxatinownio.shop", "reggwardssdqw.shop"], "Build id": "DtiPjR--myfile"} |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
ReversingLabs: Detection: 15% |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Joe Sandbox ML: detected |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
String decryptor: TeslaBrowser/5.5 |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
String decryptor: - Screen Resoluton: |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
String decryptor: - Physical Installed Memory: |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
String decryptor: Workgroup: - |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
String decryptor: DtiPjR--myfile |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Static PE information: section name: @.data |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Static PE information: No import functions for PE file found |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Static PE information: Data appended to the last section found |
Source: classification engine |
Classification label: mal84.troj.evad.winEXE@0/0@0/0 |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: 17280510295b445988b983a0ba49d44db487bf2f71dfa528305f86c932b16b62f2d30add9d700.dat-decoded.exe |
Static PE information: section name: .relo |
Source: Yara match |
File source: decrypted.binstr, type: MEMORYSTR |