Extracted

Extracted

• • Target

    nsis1.exe

  • Size

    61.9MB

  • MD5

    87c00f1acf63055d91d72e2c3459170a

  • SHA1

    28bdb437225dcc978fd1b037d76a7028437f1205

  • SHA256

    afdc1a1e1e934f18be28465315704a12b2cd43c186fbee94f7464392849a5ad0

  • SHA512

    93feebc77b2ea21aaa9dcac5eba4638fda9b5588adf9c72f2caa381c6455c3296b118a7a4248dc274f8d8234bad10b9a9585bdb28b66d3199d25b9e5296cb419

  • SSDEEP

    1572864:PjddT+kEYRwS3EJrC12ojpoEanXKcIqWKb+zeaV0d:7T+kDwS0RCUEanX/Q8Pd

  Score

  10^/10

  discoverylummasectopratcredential_accessexecutionratspywarestealertrojan

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2