General

  • Target

    0a69d3ba92afa086f53a06a4cad12eb3cd866cc3498f0ab7c0b762949226b52b

  • Size

    8.0MB

  • Sample

    240918-f36f3svfkm

  • MD5

    9691989ff51f7fc8ab2f6f43d7d00ed4

  • SHA1

    82be5e566b2bc4fcd9989fcc4129e338b71eaeb4

  • SHA256

    0a69d3ba92afa086f53a06a4cad12eb3cd866cc3498f0ab7c0b762949226b52b

  • SHA512

    902fd3abe8eb8a5e3c6548f0ac471d5034df405510ad7f88f56010d18e59f6731ba9ecf89d2fc0eb837755bf66d85686d7fa10094172b86b658e9b78a0958b8f

  • SSDEEP

    196608:Sx7DhAj/QmUqyCXyYObER5nREx457iqpl0Kfqnu3wkywaw:ISjYxqbX5OQRV+G7R0KiuRKw

Malware Config

Extracted

Family

cryptbot

C2

eihtvd18vs.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php

Extracted

Family

lumma

C2

https://professinowpqqz.shop/api

Targets

    • Target

      0a69d3ba92afa086f53a06a4cad12eb3cd866cc3498f0ab7c0b762949226b52b

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks