General
Target: AmsterdamCryptoLTD.exe
Size: 130KB
Sample: 241222-3r2p3sslan
MD5: 2cf4b9e8d659b05babf589d2e43c99bb
SHA1: 6af4c7dc71687006c29b75bfac50324bc7bd8f1e
SHA256: 6760736035348f5a320dfde45458b2dc910cd08965c6541be97dcf490ab2a149
SHA512: a86c2f45e1c2b9774c6e8076cfed665c776bc24fc3f52da25eb81f3222114f1c8ed998c35dcac94544ae8a6321a4d5189a13e9d99a7b5591af194a6555871f8c
SSDEEP: 3072:Df1BDZ0kVB67Duw9AMcbbiFAjrYEOnEjbWicBGIgPjzgw0XIu0I/2jAI:D9X0G3DjrkJiUgPH/ubXI
Static task: static1
Behavioral task: behavioral1 (Sample: AmsterdamCryptoLTD.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: AmsterdamCryptoLTD.exe, Resource: win10v2004-20241007-en)
Malware Config
Extracted (FTP credentials, plaintext)
Protocol: ftp, Host: 193.149.189.199, Port: 21, Username: LUM, Password: 159753
Extracted (FTP credentials, plaintext)
Protocol: ftp, Host: 193.149.189.199, Port: 21, Username: ins, Password: installer
Extracted: lumma (family identified; no configuration fields recovered)
Extracted: darkcomet
ID: Guest1690
C2: 65.38.120.136:1690
Mutex: DC_MUTEX-F54S21D
gencode: U2oxviM8ZSYf
install: false
offline_keylogger: true
persistence: false
Notes: the FTP credentials are hard-coded in the sample and the protocol is cleartext FTP on port 21, so any exfiltration session to 193.149.189.199 can be reconstructed from a packet capture. The DarkComet config has install and persistence set to false, so the "Adds Run key" behaviour recorded under Targets need not come from the DarkComet component; the sample also executes dropped EXEs and carries Lumma and Vidar detections.
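The indicators above (C2 endpoint, FTP host, mutex, file hashes) are only useful once they are matched against telemetry. The following is an added example, not Triage output or code from the report: it takes the indicator values from the General and Malware Config sections and checks them against constructed Zeek conn.log rows, a constructed mutant-handle list, and a constructed FTP control-channel capture. The telemetry lines are invented for illustration; only the indicator values come from the page.

```python
"""Match this report's indicators against host and network telemetry.

Added example, not Triage code. Indicator values are copied from the report;
all telemetry below is constructed sample input.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators from the report (General and Malware Config sections).
SHA256 = "6760736035348f5a320dfde45458b2dc910cd08965c6541be97dcf490ab2a149"
MD5 = "2cf4b9e8d659b05babf589d2e43c99bb"
C2_ENDPOINTS = {
    ("65.38.120.136", 1690),   # DarkComet C2
    ("193.149.189.199", 21),   # FTP host from the extracted exfil credentials
}
MUTEXES = {"DC_MUTEX-F54S21D"}
FTP_CREDS = {("LUM", "159753"), ("ins", "installer")}


@dataclass(frozen=True)
class Hit:
    source: str     # which telemetry the match came from
    indicator: str  # the indicator that matched
    detail: str     # context for the analyst


def match_conn_log(lines):
    """Flag Zeek conn.log rows (ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto)
    whose responder is a known C2/exfil endpoint."""
    hits = []
    for line in lines:
        if not line or line.startswith("#"):  # Zeek header lines
            continue
        f = line.rstrip("\n").split("\t")
        if len(f) < 7 or not f[5].isdigit():
            continue
        resp = (f[4], int(f[5]))
        if resp in C2_ENDPOINTS:
            hits.append(Hit("conn.log", f"{resp[0]}:{resp[1]}", f"uid={f[1]} orig={f[2]}:{f[3]}"))
    return hits


def match_mutexes(handles):
    """Flag mutant objects named like the DarkComet mutex. handles: (pid, name) pairs
    as listed by handle.exe or Volatility mutantscan; the \\BaseNamedObjects\\ prefix is stripped."""
    hits = []
    for pid, name in handles:
        base = name.rsplit("\\", 1)[-1]
        if base in MUTEXES:
            hits.append(Hit("mutant", base, f"pid={pid}"))
    return hits


def match_ftp_logins(lines):
    """Flag USER/PASS pairs in a plaintext FTP control channel that use the extracted
    credentials. FTP on port 21 is cleartext, so a PCAP exposes them directly."""
    hits, user = [], None
    for line in lines:
        m = re.match(r"USER (\S+)", line)
        if m:
            user = m.group(1)
            continue
        m = re.match(r"PASS (\S+)", line)
        if m and user is not None and (user, m.group(1)) in FTP_CREDS:
            hits.append(Hit("ftp", f"{user}:{m.group(1)}", "extracted exfil credentials"))
            user = None
    return hits


def is_sample(data: bytes) -> bool:
    """True only if both MD5 and SHA256 match the analysed file."""
    return hashlib.sha256(data).hexdigest() == SHA256 and hashlib.md5(data).hexdigest() == MD5


# Constructed telemetry (not from the report) exercising each matcher.
CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1734900001.1\tCk1a\t10.0.0.5\t49712\t65.38.120.136\t1690\ttcp",
    "1734900002.2\tCk1b\t10.0.0.5\t49713\t193.149.189.199\t21\ttcp",
    "1734900003.3\tCk1c\t10.0.0.5\t49714\t142.250.74.46\t443\ttcp",
]
MUTANTS = [
    (4120, "\\BaseNamedObjects\\DC_MUTEX-F54S21D"),
    (812, "\\BaseNamedObjects\\SM0:812:120:WilStaging_02"),
]
FTP_CAPTURE = ["220 (vsFTPd 3.0.3)", "USER LUM", "PASS 159753", "230 Login successful."]


def run_all():
    """Run every matcher over the constructed telemetry and return the hits."""
    return {
        "conn": match_conn_log(CONN_LOG),
        "mutant": match_mutexes(MUTANTS),
        "ftp": match_ftp_logins(FTP_CAPTURE),
    }


if __name__ == "__main__":
    for source, hits in run_all().items():
        for h in hits:
            print(f"[{source}] {h.indicator} ({h.detail})")
```

The mutex check strips the object-manager prefix because handle listings show the full `\BaseNamedObjects\` path while the sandbox reports only the bare name; the hash check requires both digests to agree so a single-algorithm collision cannot produce a false positive.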
Targets
Target: AmsterdamCryptoLTD.exe (130KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Darkcomet family
- Detect Vidar Stealer
- Lumma family
- Vidar family
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
- Adds Run key to start application
- Suspicious use of SetThreadContext (commonly paired with process hollowing or injection into a suspended process; consistent with the dropped-EXE execution above)