Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Malware Configuration Extractor: LummaC {"C2 url": ["stitchmiscpaew.shop", "grassemenwji.shop", "exmptiondixv.shop", "ignoracndwko.shop", "preachstrwnwjw.shop", "complainnykso.shop", "basedsymsotp.shop", "charistmatwio.shop", "commisionipwn.shop"], "Build id": "eFtdO8--"} |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
ReversingLabs: Detection: 15% |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Joe Sandbox ML: detected |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: commisionipwn.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: stitchmiscpaew.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: ignoracndwko.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: grassemenwji.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: charistmatwio.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: basedsymsotp.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: complainnykso.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: preachstrwnwjw.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: exmptiondixv.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: TeslaBrowser/5.5 |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: - Screen Resoluton: |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: - Physical Installed Memory: |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: Workgroup: - |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String decryptor: eFtdO8-- |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: Malware configuration extractor |
URLs: stitchmiscpaew.shop |
Source: Malware configuration extractor |
URLs: grassemenwji.shop |
Source: Malware configuration extractor |
URLs: exmptiondixv.shop |
Source: Malware configuration extractor |
URLs: ignoracndwko.shop |
Source: Malware configuration extractor |
URLs: preachstrwnwjw.shop |
Source: Malware configuration extractor |
URLs: complainnykso.shop |
Source: Malware configuration extractor |
URLs: basedsymsotp.shop |
Source: Malware configuration extractor |
URLs: charistmatwio.shop |
Source: Malware configuration extractor |
URLs: commisionipwn.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Static PE information: section name: @.data |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Static PE information: No import functions for PE file found |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Static PE information: Data appended to the last section found |
Source: classification engine |
Classification label: mal84.troj.evad.winEXE@0/0@0/0 |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
Static PE information: section name: .relo |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: commisionipwn.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: stitchmiscpaew.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: ignoracndwko.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: grassemenwji.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: charistmatwio.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: basedsymsotp.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: complainnykso.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: preachstrwnwjw.shop |
Source: 1728051009ddd37f05bf17e06320c562854414579dfbd5afdf77d133a3e128c4a10feb2469902.dat-decoded.exe |
String found in binary or memory: exmptiondixv.shop |
Source: Yara match |
File source: decrypted.binstr, type: MEMORYSTR |