c378ba093f942dd3752f303572adb9b9aaf18502942232d6dd3cb415b818c548 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

LumiaSpoof...ed.exe

windows7-x64

9

LumiaSpoof...ed.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

LumiaSpoofer.cracked.exe
Size

3.0MB
Sample

230523-lr7snaff2z
MD5

891580434abd7714385d01e9ceff875c
SHA1

df552f8644e32b0346f2b21469ca0eb6c81aab66
SHA256

c378ba093f942dd3752f303572adb9b9aaf18502942232d6dd3cb415b818c548
SHA512

3b1f49b6e9b097c5c80f66debd3a36315406cd1617f4eca09a333b3e255f311367d64b81b7014c88b749dba49215e8c6d77b6db7ee9ed99506d306f7d3a777b0
SSDEEP

49152:48smhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5g8:rqXpy05Q0N1rsYSZ6BoXh1kkypSH3OhX

Score

9^/10

spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

LumiaSpoofer.cracked.exe

Resource

win7-20230220-en

spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

LumiaSpoofer.cracked.exe

Resource

win10v2004-20230221-en

spyware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  LumiaSpoofer.cracked.exe
- Size
  
  3.0MB
- MD5
  
  891580434abd7714385d01e9ceff875c
- SHA1
  
  df552f8644e32b0346f2b21469ca0eb6c81aab66
- SHA256
  
  c378ba093f942dd3752f303572adb9b9aaf18502942232d6dd3cb415b818c548
- SHA512
  
  3b1f49b6e9b097c5c80f66debd3a36315406cd1617f4eca09a333b3e255f311367d64b81b7014c88b749dba49215e8c6d77b6db7ee9ed99506d306f7d3a777b0
- SSDEEP
  
  49152:48smhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5g8:rqXpy05Q0N1rsYSZ6BoXh1kkypSH3OhX
Score

9^/10

spyware stealer upx
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

spywarestealerupx

© 2018-2025

Terms | Privacy