cryptbot | 7f186c311fc66ceb1f59beba9e6f9bb07a00fba7994d85c760848753adf1129d | Triage

Submit
Reports

Overview

overview

Static

static

3

lionda.exe

windows7-x64

lionda.exe

windows10-2004-x64

Sharing

General

Target

lionda.exe
Size

7.2MB
Sample

250208-v5kpqayjgj
MD5

9a66454e4c0feb4cd1bebc8871aa850e
SHA1

cc7975b8807f3d72067dc8452a3098a0f6097f25
SHA256

7f186c311fc66ceb1f59beba9e6f9bb07a00fba7994d85c760848753adf1129d
SHA512

b90c7b5e77d0a465fa6872904d9ed752adfeae1671329c4414c61a5182643d9b9cf2add6c9f3d014ab24583eef441c7ff3c7acd6419855b9eacc85b3d7b0c932
SSDEEP

98304:0kN4q49j3XvABCrK0/cjTSsbLwnzrROD18uB0H8oy5OW:67zyCpcTSTROBHB0c/A

Score

10^/10

cryptbot lumma defense_evasion discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

lionda.exe

Resource

win7-20241010-en

cryptbot lumma defense_evasion discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

lionda.exe

Resource

win10v2004-20250207-en

cryptbot defense_evasion discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://berserkyfir.click/api

Extracted

Family

cryptbot

C2

http://home.fourteenff14pn.top/BVpYRBXNVJewGOxay73803

Targets

- Target
  
  lionda.exe
- Size
  
  7.2MB
- MD5
  
  9a66454e4c0feb4cd1bebc8871aa850e
- SHA1
  
  cc7975b8807f3d72067dc8452a3098a0f6097f25
- SHA256
  
  7f186c311fc66ceb1f59beba9e6f9bb07a00fba7994d85c760848753adf1129d
- SHA512
  
  b90c7b5e77d0a465fa6872904d9ed752adfeae1671329c4414c61a5182643d9b9cf2add6c9f3d014ab24583eef441c7ff3c7acd6419855b9eacc85b3d7b0c932
- SSDEEP
  
  98304:0kN4q49j3XvABCrK0/cjTSsbLwnzrROD18uB0H8oy5OW:67zyCpcTSTROBHB0c/A
Score

10^/10

cryptbot lumma defense_evasion discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Enumerates VirtualBox registry keys
  defense_evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotlummadefense_evasiondiscoveryspywarestealer

behavioral2

cryptbotdefense_evasiondiscoveryspywarestealer

© 2018-2025

Terms | Privacy