Overview

overview

10

Static

static

3

Codex/AlphaFS.dll

windows7-x64

1

Codex/AlphaFS.dll

windows10-2004-x64

1

Codex/Codex.exe

windows7-x64

3

Codex/Codex.exe

windows10-2004-x64

10

Codex/libEGL.dll

windows7-x64

1

Codex/libEGL.dll

windows10-2004-x64

1

Codex/modu...47.dll

windows10-2004-x64

1

Codex/swif...GL.dll

windows7-x64

1

Codex/swif...GL.dll

windows10-2004-x64

1

Codex/swif...v2.dll

windows7-x64

1

Codex/swif...v2.dll

windows10-2004-x64

1

Codex/vulkan-1.dll

windows7-x64

1

Codex/vulkan-1.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2024 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Codex/Codex.exe

  • Size

    467KB

  • MD5

    70f6d06865408e4ebecce19dab22ea8b

  • SHA1

    7a5be2cd521dd1e51730f058db4a3a58288fdd8f

  • SHA256

    80446b2068c39aed04c4af46d71013f5f2bd9f435cdae425a0a5c602def4fe74

  • SHA512

    9632ac36a52fbf9ac09e4aaf33b13dd8047a66f76d3c3302b27b66fb63b54c2479c5b10ad41740461af45607dca7c8dfffdff7eef999ced62851e8928026aa5b

  • SSDEEP

    12288:C0tmAIxuYBgt3BeqVXhEsbRejDfVbby7Mpt:9qw534gKsVe/tiwt

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Codex\Codex.exe
    "C:\Users\Admin\AppData\Local\Temp\Codex\Codex.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:5276
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 356
        2⤵
        • Program crash
        PID:4148
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4996 -ip 4996
      1⤵
        PID:1976
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:2068

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4996-0-0x0000000000B20000-0x0000000000B96000-memory.dmp
          Filesize

          472KB

          Download
        • memory/4996-6-0x0000000000B20000-0x0000000000B96000-memory.dmp
          Filesize

          472KB

          Download
        • memory/5276-1-0x0000000000400000-0x000000000044F000-memory.dmp
          Filesize

          316KB

          Download
        • memory/5276-3-0x0000000000400000-0x000000000044F000-memory.dmp
          Filesize

          316KB

          Download
        • memory/5276-4-0x0000000000400000-0x000000000044F000-memory.dmp
          Filesize

          316KB

          Download
        • memory/5276-5-0x0000000000400000-0x000000000044F000-memory.dmp
          Filesize

          316KB

          Download