Analysis

  • max time kernel
    127s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    04/10/2024, 17:18 UTC

General

  • Target

    lnstaIler.exe

  • Size

    653.5MB

  • MD5

    e8744450f148d8eb69022d2aa06b14ff

  • SHA1

    5d49b88953a53cf46ed2ac2addb6444096b47e48

  • SHA256

    22207db893e95de8de487d2583adaf62d103debac5f0cb9cc722db491cd9c40f

  • SHA512

    783132cb1618a09895b15023dad20461ffd32b23b10934ccb9bbf8e01411835b73f3a80b65bb2a95733e94c0e390a8942b9a008d94e09f7799a427be9cba6686

  • SSDEEP

    98304:sOkzE6or4nv7wDWnNuYSG522R1sh12T+FLOAkGkzdnEVomFHKnPSOTZ7X:CZSW1sh1E+FLOyomFHKnPSOTZ7X

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://mobbipenju.store/api

https://eaglepawnoy.store/api

https://dissapoiznw.store/api

https://studennotediw.store/api

https://bathdoomgaz.store/api

https://spirittunek.store/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lnstaIler.exe
    "C:\Users\Admin\AppData\Local\Temp\lnstaIler.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:3040

Network

  • flag-us
    DNS
    homedarenwj.buzz
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    homedarenwj.buzz
    IN A
    Response
    homedarenwj.buzz
    IN A
    104.21.70.45
    homedarenwj.buzz
    IN A
    172.67.219.249
  • flag-us
    POST
    https://homedarenwj.buzz/api
    lnstaIler.exe
    Remote address:
    104.21.70.45:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: homedarenwj.buzz
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 17:21:53 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=ntd2m862s2v1cannedhu4ivasv; expires=Tue, 28 Jan 2025 11:08:32 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TBG78M1ktIqgSg4ytDKjoRwQ4DnAAoQIIvurG5b51FVGTi7WDdBfRgsJnCEgFfqv3Z%2Fjk8xhlQlqkE078dvqz3Bt3SCJW95lfSQ%2FGjBtS85lWWBLu5MASuGmKlYZ5FVf2Rwd"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd6d9d5cb5f48bb-LHR
  • flag-us
    DNS
    mobbipenju.store
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    mobbipenju.store
    IN A
    Response
    mobbipenju.store
    IN A
    104.21.69.130
    mobbipenju.store
    IN A
    172.67.208.181
  • flag-us
    POST
    https://mobbipenju.store/api
    lnstaIler.exe
    Remote address:
    104.21.69.130:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: mobbipenju.store
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 17:21:54 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=lj3uhq6brpeq6felo0c07n3mas; expires=Tue, 28 Jan 2025 11:08:33 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3tsFnquRVoMjwve%2FAJGwyuArnTvUKGKDw4lxCrKho6RZ0NmbY4zeBKLEvDszinvU4Rj0KaFsr%2FGWJ0ZOQ6KccHPa8HUErXDFsvjezmJ8uAbpFOTN6HCpk2eJpbDAaVeg%2BBeV"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd6d9d8be39948e-LHR
  • flag-us
    DNS
    eaglepawnoy.store
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    eaglepawnoy.store
    IN A
    Response
    eaglepawnoy.store
    IN A
    172.67.156.136
    eaglepawnoy.store
    IN A
    104.21.7.235
  • flag-us
    POST
    https://eaglepawnoy.store/api
    lnstaIler.exe
    Remote address:
    172.67.156.136:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: eaglepawnoy.store
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 17:21:54 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=3536fsmd3to0i8buep9ae8i4o0; expires=Tue, 28 Jan 2025 11:08:33 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OglytKW0t993ziDaHb7Yt7l0snCkKAz4A9sg5PGbnlQvJbEPWzptphQbbbi2El2I5K%2B7NPa30aOAZFHaWk8zcbIvB2iOkuJdM%2FAmBCxqBQIBXtR9vlwJO3wAwqPKgJUNCnmJ0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd6d9dbae8f641b-LHR
  • flag-us
    DNS
    45.70.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    45.70.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    dissapoiznw.store
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    dissapoiznw.store
    IN A
    Response
    dissapoiznw.store
    IN A
    172.67.168.247
    dissapoiznw.store
    IN A
    104.21.63.7
  • flag-us
    POST
    https://dissapoiznw.store/api
    lnstaIler.exe
    Remote address:
    172.67.168.247:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: dissapoiznw.store
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 17:21:55 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=ghfha7c1f9r85tupvgou41dfls; expires=Tue, 28 Jan 2025 11:08:34 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QqZuKTuF99dLAj8SppoyoQjWolONQi2AdPsiSS%2BoLZcNllEyTpIQllAiu9hMAWqNcQwaXXnqYfQpjfWFfNBFx6E54oKXvTSpIez744kzgHmhtKtS3ioAWcL9dVuMGIFlxIsjig%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd6d9de8b4b94fc-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    studennotediw.store
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    studennotediw.store
    IN A
    Response
    studennotediw.store
    IN A
    172.67.186.147
    studennotediw.store
    IN A
    104.21.84.52
  • flag-us
    POST
    https://studennotediw.store/api
    lnstaIler.exe
    Remote address:
    172.67.186.147:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: studennotediw.store
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 17:21:55 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=mv7iqpmlpjkdoirakjf9ugl7tr; expires=Tue, 28 Jan 2025 11:08:34 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WPLb5baWBLwBg%2BNm1ueVLUiTChpvKRJPE5R8MaWqf%2B1s9%2FFgBBEYDEDi2QAjl1J4%2BdVXKxkRMp6jSyhoktdEbHKzP3PrKo%2FIeQZbZXCHJsj9zyFDbiBNJ3EX35d0NYe2ImtViPWG"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd6d9e14b1f947b-LHR
  • flag-us
    DNS
    130.69.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    130.69.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    136.156.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.156.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    bathdoomgaz.store
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    bathdoomgaz.store
    IN A
    Response
    bathdoomgaz.store
    IN A
    172.67.134.169
    bathdoomgaz.store
    IN A
    104.21.6.95
  • flag-us
    POST
    https://bathdoomgaz.store/api
    lnstaIler.exe
    Remote address:
    172.67.134.169:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: bathdoomgaz.store
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 17:21:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=sjn54bp019rq0nb5el17k54ffo; expires=Tue, 28 Jan 2025 11:08:34 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c9iigUdwlSZCxn8py4careo6sIiKAxlRcRt81gpKzOnnkHaQisO0n1QNQAIrsO0ToQ6G9f3E8VcFuKzazlyBhkSG57MCwq6nSGG%2FG7Z6N8kMsUqYEXfb8HMwvJiy8LtMtoUXmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd6d9e42b0c956c-LHR
  • flag-us
    DNS
    spirittunek.store
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    spirittunek.store
    IN A
    Response
    spirittunek.store
    IN A
    104.21.9.4
    spirittunek.store
    IN A
    172.67.130.202
  • flag-us
    POST
    https://spirittunek.store/api
    lnstaIler.exe
    Remote address:
    104.21.9.4:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: spirittunek.store
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 17:21:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=54rp0b8hd5v450kmjhe3hag1ft; expires=Tue, 28 Jan 2025 11:08:35 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ESmvDtGgWmvNj0MIl0KG5EsbYTFfLUPWBTKhKqP9GIZ%2BnWZKHox%2BHIae6ZX%2BY7B%2FAMqDWbrkZPa4zr%2BI6vqO%2Ff7rAgnH3Upw2LVnOavCsGh4CgHAcEE6Fw2tLsSqGSH3UFfTig%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd6d9e71f744141-LHR
  • flag-us
    DNS
    147.186.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    147.186.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    247.168.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    247.168.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    licendfilteo.site
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    licendfilteo.site
    IN A
    Response
  • flag-us
    DNS
    clearancek.site
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    clearancek.site
    IN A
    Response
  • flag-us
    DNS
    steamcommunity.com
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    steamcommunity.com
    IN A
    Response
    steamcommunity.com
    IN A
    104.82.234.109
  • flag-gb
    GET
    https://steamcommunity.com/profiles/76561199724331900
    lnstaIler.exe
    Remote address:
    104.82.234.109:443
    Request
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Fri, 04 Oct 2024 17:21:57 GMT
    Content-Length: 34888
    Connection: keep-alive
    Set-Cookie: sessionid=cbcdf9d12d0e40ba83410a2f; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=GB%7Ce15d564837abb028acb4e114150d704d; Path=/; Secure; HttpOnly; SameSite=None
  • flag-us
    DNS
    feelystroll.buzz
    lnstaIler.exe
    Remote address:
    8.8.8.8:53
    Request
    feelystroll.buzz
    IN A
    Response
    feelystroll.buzz
    IN A
    172.67.151.30
    feelystroll.buzz
    IN A
    104.21.0.152
  • flag-us
    POST
    https://feelystroll.buzz/api
    lnstaIler.exe
    Remote address:
    172.67.151.30:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: feelystroll.buzz
    Response
    HTTP/1.1 200 OK
    Date: Fri, 04 Oct 2024 17:21:57 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=64hraana46ihoa51n21ni5uanq; expires=Tue, 28 Jan 2025 11:08:36 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aGQU7CT4Q9YBUTN9tO2%2BzPl8ksJ1uA8tSHpqV1yEOGjXScFlsHa%2B5qQ6nKeFzyksDIdzHmteOyQYt%2BAjZSh3V0vovuuGpQFsjesuhRz%2Bnz7z6Vat4lEBG1t%2BR643Qe2UtVdw"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8cd6d9edfc26beb0-LHR
  • flag-us
    DNS
    169.134.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    169.134.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    4.9.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.9.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    109.234.82.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    109.234.82.104.in-addr.arpa
    IN PTR
    Response
    109.234.82.104.in-addr.arpa
    IN PTR
    a104-82-234-109.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    30.151.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    30.151.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    12.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    12.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 104.21.70.45:443
    https://homedarenwj.buzz/api
    tls, http
    lnstaIler.exe
    999 B
    4.5kB
    9
    9

    HTTP Request

    POST https://homedarenwj.buzz/api

    HTTP Response

    200
  • 104.21.69.130:443
    https://mobbipenju.store/api
    tls, http
    lnstaIler.exe
    999 B
    4.5kB
    9
    9

    HTTP Request

    POST https://mobbipenju.store/api

    HTTP Response

    200
  • 172.67.156.136:443
    https://eaglepawnoy.store/api
    tls, http
    lnstaIler.exe
    1.0kB
    4.6kB
    9
    9

    HTTP Request

    POST https://eaglepawnoy.store/api

    HTTP Response

    200
  • 172.67.168.247:443
    https://dissapoiznw.store/api
    tls, http
    lnstaIler.exe
    1.0kB
    4.6kB
    9
    9

    HTTP Request

    POST https://dissapoiznw.store/api

    HTTP Response

    200
  • 172.67.186.147:443
    https://studennotediw.store/api
    tls, http
    lnstaIler.exe
    1.0kB
    4.5kB
    9
    9

    HTTP Request

    POST https://studennotediw.store/api

    HTTP Response

    200
  • 172.67.134.169:443
    https://bathdoomgaz.store/api
    tls, http
    lnstaIler.exe
    1.0kB
    4.5kB
    9
    9

    HTTP Request

    POST https://bathdoomgaz.store/api

    HTTP Response

    200
  • 104.21.9.4:443
    https://spirittunek.store/api
    tls, http
    lnstaIler.exe
    1.0kB
    4.6kB
    9
    9

    HTTP Request

    POST https://spirittunek.store/api

    HTTP Response

    200
  • 104.82.234.109:443
    https://steamcommunity.com/profiles/76561199724331900
    tls, http
    lnstaIler.exe
    1.6kB
    42.4kB
    22
    37

    HTTP Request

    GET https://steamcommunity.com/profiles/76561199724331900

    HTTP Response

    200
  • 172.67.151.30:443
    https://feelystroll.buzz/api
    tls, http
    lnstaIler.exe
    999 B
    4.5kB
    9
    9

    HTTP Request

    POST https://feelystroll.buzz/api

    HTTP Response

    200
  • 8.8.8.8:53
    homedarenwj.buzz
    dns
    lnstaIler.exe
    62 B
    94 B
    1
    1

    DNS Request

    homedarenwj.buzz

    DNS Response

    104.21.70.45
    172.67.219.249

  • 8.8.8.8:53
    mobbipenju.store
    dns
    lnstaIler.exe
    62 B
    94 B
    1
    1

    DNS Request

    mobbipenju.store

    DNS Response

    104.21.69.130
    172.67.208.181

  • 8.8.8.8:53
    eaglepawnoy.store
    dns
    lnstaIler.exe
    63 B
    95 B
    1
    1

    DNS Request

    eaglepawnoy.store

    DNS Response

    172.67.156.136
    104.21.7.235

  • 8.8.8.8:53
    45.70.21.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    45.70.21.104.in-addr.arpa

  • 8.8.8.8:53
    dissapoiznw.store
    dns
    lnstaIler.exe
    63 B
    95 B
    1
    1

    DNS Request

    dissapoiznw.store

    DNS Response

    172.67.168.247
    104.21.63.7

  • 8.8.8.8:53
    studennotediw.store
    dns
    lnstaIler.exe
    65 B
    97 B
    1
    1

    DNS Request

    studennotediw.store

    DNS Response

    172.67.186.147
    104.21.84.52

  • 8.8.8.8:53
    130.69.21.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    130.69.21.104.in-addr.arpa

  • 8.8.8.8:53
    136.156.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    136.156.67.172.in-addr.arpa

  • 8.8.8.8:53
    bathdoomgaz.store
    dns
    lnstaIler.exe
    63 B
    95 B
    1
    1

    DNS Request

    bathdoomgaz.store

    DNS Response

    172.67.134.169
    104.21.6.95

  • 8.8.8.8:53
    spirittunek.store
    dns
    lnstaIler.exe
    63 B
    95 B
    1
    1

    DNS Request

    spirittunek.store

    DNS Response

    104.21.9.4
    172.67.130.202

  • 8.8.8.8:53
    147.186.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    147.186.67.172.in-addr.arpa

  • 8.8.8.8:53
    247.168.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    247.168.67.172.in-addr.arpa

  • 8.8.8.8:53
    licendfilteo.site
    dns
    lnstaIler.exe
    63 B
    128 B
    1
    1

    DNS Request

    licendfilteo.site

  • 8.8.8.8:53
    clearancek.site
    dns
    lnstaIler.exe
    61 B
    126 B
    1
    1

    DNS Request

    clearancek.site

  • 8.8.8.8:53
    steamcommunity.com
    dns
    lnstaIler.exe
    64 B
    80 B
    1
    1

    DNS Request

    steamcommunity.com

    DNS Response

    104.82.234.109

  • 8.8.8.8:53
    feelystroll.buzz
    dns
    lnstaIler.exe
    62 B
    94 B
    1
    1

    DNS Request

    feelystroll.buzz

    DNS Response

    172.67.151.30
    104.21.0.152

  • 8.8.8.8:53
    169.134.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    169.134.67.172.in-addr.arpa

  • 8.8.8.8:53
    4.9.21.104.in-addr.arpa
    dns
    69 B
    131 B
    1
    1

    DNS Request

    4.9.21.104.in-addr.arpa

  • 8.8.8.8:53
    109.234.82.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    109.234.82.104.in-addr.arpa

  • 8.8.8.8:53
    30.151.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    30.151.67.172.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    12.173.189.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    12.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3040-0-0x0000000000A00000-0x0000000000A5E000-memory.dmp

    Filesize

    376KB

  • memory/3040-2-0x0000000000A00000-0x0000000000A5E000-memory.dmp

    Filesize

    376KB
