General
-
Target
AmsterdamCryptoLTD.exe
-
Size
130KB
-
Sample
241222-31xgqasmdk
-
MD5
2cf4b9e8d659b05babf589d2e43c99bb
-
SHA1
6af4c7dc71687006c29b75bfac50324bc7bd8f1e
-
SHA256
6760736035348f5a320dfde45458b2dc910cd08965c6541be97dcf490ab2a149
-
SHA512
a86c2f45e1c2b9774c6e8076cfed665c776bc24fc3f52da25eb81f3222114f1c8ed998c35dcac94544ae8a6321a4d5189a13e9d99a7b5591af194a6555871f8c
-
SSDEEP
3072:Df1BDZ0kVB67Duw9AMcbbiFAjrYEOnEjbWicBGIgPjzgw0XIu0I/2jAI:D9X0G3DjrkJiUgPH/ubXI
Static task
static1
Behavioral task
behavioral1
Sample
AmsterdamCryptoLTD.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
AmsterdamCryptoLTD.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ZipDLL.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ZipDLL.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp- Host:
193.149.189.199 - Port:
21 - Username:
LUM - Password:
159753
Extracted
Protocol: ftp- Host:
193.149.189.199 - Port:
21 - Username:
ins - Password:
installer
Extracted
lumma
Extracted
darkcomet
Guest1690
65.38.120.136:1690
DC_MUTEX-F54S21D
-
gencode
U2oxviM8ZSYf
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
AmsterdamCryptoLTD.exe
-
Size
130KB
-
MD5
2cf4b9e8d659b05babf589d2e43c99bb
-
SHA1
6af4c7dc71687006c29b75bfac50324bc7bd8f1e
-
SHA256
6760736035348f5a320dfde45458b2dc910cd08965c6541be97dcf490ab2a149
-
SHA512
a86c2f45e1c2b9774c6e8076cfed665c776bc24fc3f52da25eb81f3222114f1c8ed998c35dcac94544ae8a6321a4d5189a13e9d99a7b5591af194a6555871f8c
-
SSDEEP
3072:Df1BDZ0kVB67Duw9AMcbbiFAjrYEOnEjbWicBGIgPjzgw0XIu0I/2jAI:D9X0G3DjrkJiUgPH/ubXI
-
Darkcomet family
-
Detect Vidar Stealer
-
Lumma family
-
Vidar family
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/InetLoad.dll
-
Size
18KB
-
MD5
994669c5737b25c26642c94180e92fa2
-
SHA1
d8a1836914a446b0e06881ce1be8631554adafde
-
SHA256
bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c
-
SHA512
d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563
-
SSDEEP
384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f
Score3/10 -
-
-
Target
$PLUGINSDIR/ZipDLL.dll
-
Size
163KB
-
MD5
2dc35ddcabcb2b24919b9afae4ec3091
-
SHA1
9eeed33c3abc656353a7ebd1c66af38cccadd939
-
SHA256
6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1
-
SHA512
0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901
-
SSDEEP
3072:8CkSJJ30k1pn2T4ISnUGN+E8KnCOxA17jxLmRtWHyPDQFllOdJiSg:tkSJy+c30UxbKnA1hLKWSVdk
Score3/10 -