Source: payload.exe | Malware Configuration Extractor: LummaC {"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "pearcyworkeronej.shop"], "Build id": "uYY3NI--"}
Source: payload.exe | String decryptor: boredimperissvieos.shop
Source: payload.exe | String decryptor: holicisticscrarws.shop
Source: payload.exe | String decryptor: sweetsquarediaslw.shop
Source: payload.exe | String decryptor: plaintediousidowsko.shop
Source: payload.exe | String decryptor: miniaturefinerninewjs.shop
Source: payload.exe | String decryptor: zippyfinickysofwps.shop
Source: payload.exe | String decryptor: obsceneclassyjuwks.shop
Source: payload.exe | String decryptor: acceptabledcooeprs.shop
Source: payload.exe | String decryptor: pearcyworkeronej.shop
Source: payload.exe | String decryptor: lid=%s&j=%s&ver=4.0
Source: payload.exe | String decryptor: TeslaBrowser/5.5
Source: payload.exe | String decryptor: - Screen Resoluton:
Source: payload.exe | String decryptor: - Physical Installed Memory:
Source: payload.exe | String decryptor: Workgroup: -
Source: payload.exe | String decryptor: uYY3NI--
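The extracted configuration and the decrypted strings above (nine C2 domains, the TeslaBrowser/5.5 user agent and the lid=%s&j=%s&ver=4.0 format string) can be turned directly into a log check. The Python below is an added example, not part of the sandbox report: it parses the configuration exactly as printed and scans a constructed proxy log for the domains, the user agent and the body format. The log format, and the assumption that the decrypted strings are the beacon's User-Agent and POST body, are this example's own; the report shows no network capture.

```python
import json
import re

# Configuration exactly as the report's Malware Configuration Extractor printed it.
REPORT_CONFIG = json.loads(
    '{"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", '
    '"sweetsquarediaslw.shop", "plaintediousidowsko.shop", '
    '"miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", '
    '"obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", '
    '"pearcyworkeronej.shop"], "Build id": "uYY3NI--"}'
)
C2_DOMAINS = frozenset(d.lower() for d in REPORT_CONFIG["C2 url"])

# Decrypted strings from the report. That they are used as the HTTP User-Agent and
# the POST body of the beacon is an assumption of this example, not shown on the page.
BEACON_UA = "TeslaBrowser/5.5"
BEACON_BODY_RE = re.compile(r"^lid=[^&]*&j=[^&]*&ver=4\.0$")

# Hypothetical proxy log line format used by the constructed sample below:
#   <ts> <client> <method> <host><path> "<user-agent>" <status> [body="<post body>"]
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<host>[^ /"]+)(?P<path>/\S*)? '
    r'"(?P<ua>[^"]*)" (?P<status>\d{3})(?: body="(?P<body>[^"]*)")?$'
)


def c2_domain_match(host):
    """Exact or subdomain match of a host against the extracted C2 list."""
    host = host.lower().rstrip(".")
    if ":" in host:
        host = host.split(":", 1)[0]  # drop an explicit port (host:port)
    return host in C2_DOMAINS or any(host.endswith("." + d) for d in C2_DOMAINS)


def classify(line):
    """Return (severity, reasons) for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    if c2_domain_match(m["host"]):
        reasons.append("c2-domain")
    if m["ua"] == BEACON_UA:
        reasons.append("beacon-ua")
    if m["method"] == "POST" and m["body"] is not None and BEACON_BODY_RE.match(m["body"]):
        reasons.append("beacon-body")
    if "c2-domain" in reasons or len(reasons) >= 2:
        severity = "high"      # a listed C2, or UA plus body format together
    elif reasons:
        severity = "medium"    # a single weak indicator (e.g. only the user agent)
    else:
        severity = "none"
    return severity, reasons


def scan(lines):
    """Return (line, severity, reasons) for every line that fires at least one indicator."""
    hits = []
    for line in lines:
        res = classify(line)
        if res and res[1]:
            hits.append((line, res[0], res[1]))
    return hits


# Constructed sample log for the example; these are not lines from the report.
SAMPLE_LOG = [
    '2024-06-01T10:00:01Z 10.0.0.5 GET www.example.com/index.html "Mozilla/5.0" 200',
    '2024-06-01T10:00:02Z 10.0.0.5 POST boredimperissvieos.shop/api "TeslaBrowser/5.5" 200 body="lid=abc123&j=xyz&ver=4.0"',
    '2024-06-01T10:00:03Z 10.0.0.7 GET cdn.pearcyworkeronej.shop/x.bin "Mozilla/5.0" 404',
    '2024-06-01T10:00:04Z 10.0.0.9 POST 203.0.113.10/api "TeslaBrowser/5.5" 200 body="lid=q&j=w&ver=4.0"',
    '2024-06-01T10:00:05Z 10.0.0.9 GET updates.example.net/check "TeslaBrowser/5.5" 200',
]

if __name__ == "__main__":
    for line, sev, why in scan(SAMPLE_LOG):
        print(sev, ",".join(why), line)
```

Subdomain matching matters because the extracted list holds bare apex names; a beacon to a host under one of them should still fire. The user agent alone is scored lower than the domain or the UA/body pair, since a single string is the easiest indicator for a new build to change.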
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], CCC8066Ah | 0_2_0040C461
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 5C3924FCh | 0_2_0040C615
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 0_2_0040E8D0
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov eax, dword ptr [esi+00000090h] | 0_2_003E3038
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_003F7059
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp ecx | 0_2_0040E09F
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_004050A0
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then lea eax, dword ptr [edi+04h] | 0_2_003F213D
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov ecx, dword ptr [esi+04h] | 0_2_003F213D
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then movzx ecx, word ptr [esi] | 0_2_0040D265
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp eax | 0_2_003ED35E
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp edx | 0_2_003ED35E
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov dword ptr [esi+20h], 00000000h | 0_2_003E1419
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov ecx, dword ptr [esi+20h] | 0_2_003F8410
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov ecx, dword ptr [esi+10h] | 0_2_003F4478
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov ecx, dword ptr [esi+10h] | 0_2_003F4478
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then inc ebx | 0_2_003E5470
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp ecx | 0_2_0040C436
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp ecx | 0_2_0040D4E8
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp ecx | 0_2_0040D48A
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], CCC8066Ah | 0_2_0040C571
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov ecx, dword ptr [esi+0Ch] | 0_2_0040C571
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov eax, dword ptr [esp+20h] | 0_2_003E6555
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then movsx eax, byte ptr [esi+ecx] | 0_2_003DD650
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 0_2_003D2650
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov edi, dword ptr [esi+04h] | 0_2_003F26BD
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov edi, dword ptr [esi+04h] | 0_2_003F2760
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 0_2_003D97F0
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 0_2_003F58B0
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov dword ptr [esi+7Ch], ecx | 0_2_003F6953
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 0_2_0040A930
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_003F6948
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov eax, dword ptr [00417EE8h] | 0_2_003F4982
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov ecx, dword ptr [esi+20h] | 0_2_003F79F5
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then movzx edi, cx | 0_2_003F8A13
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then cmp dword ptr [ebx+ecx*8], FB49C974h | 0_2_00409A20
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_003E7ABA
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 0_2_0040EAF0
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp ecx | 0_2_003EDB00
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 9EDBE8FEh | 0_2_003EDB00
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov ecx, dword ptr [esi+00000090h] | 0_2_003E4D32
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov edx, eax | 0_2_003EDDC7
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then cmp byte ptr [ecx], 00000000h | 0_2_003E1E13
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov esi, dword ptr [esp+0Ch] | 0_2_003DFE47
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp edx | 0_2_0040DE9C
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then jmp edx | 0_2_0040DEB1
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then mov edx, eax | 0_2_003EDF3A
Source: C:\Users\user\Desktop\payload.exe | Code function: 4x nop then movzx esi, ch | 0_2_0040DFE0
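Each "4x nop then ..." entry above records four consecutive nop bytes followed by one specific instruction; the cmp dword ptr [base+index*8], imm32 variants carry the 32-bit constants CCC8066Ah, 5C3924FCh, FB49C974h and 9EDBE8FEh. The Python below is an added example, not the sandbox's own signature logic: it searches a byte buffer for exactly that shape (90 90 90 90 81 3C <SIB> <imm32>, where opcode 81 /7 with ModRM 3C encodes cmp dword ptr [SIB], imm32), decodes the base and index registers and the constant, and produces a YARA-style hex string for the pattern. The buffer it scans is constructed here from those encodings and is not bytes taken from the sample.

```python
import re
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Four nops, then `cmp dword ptr [base+index*scale], imm32`:
# opcode 81 /7, ModRM 0x3C = mod 00, reg 111 (/7), rm 100 (SIB follows), then SIB and imm32.
PATTERN = re.compile(rb"\x90{4}\x81\x3c(?P<sib>[\x00-\xff])(?P<imm>[\x00-\xff]{4})")


def decode_sib(sib):
    """Split a SIB byte into (scale, index register number, base register number)."""
    return 1 << (sib >> 6), (sib >> 3) & 7, sib & 7


def find_nop_cmp(buf, image_base=0):
    """One dict per '4x nop then cmp dword ptr [base+index*scale], imm32' occurrence in buf."""
    hits = []
    for m in PATTERN.finditer(buf):
        scale, index, base = decode_sib(m["sib"][0])
        # index 100 means 'no index', base 101 with mod 00 means disp32 without a base register;
        # neither is the [reg+reg*8] form the report lists, so skip them.
        if index == 4 or base == 5:
            continue
        imm = struct.unpack("<I", m["imm"])[0]
        operand = f"[{REGS32[base]}+{REGS32[index]}*{scale}]"
        hits.append({
            "offset": m.start() + image_base,          # first nop
            "cmp_offset": m.start() + 4 + image_base,  # the cmp itself
            "operand": operand,
            "imm": imm,
            "text": f"cmp dword ptr {operand}, {imm:08X}h",
        })
    return hits


def yara_hex(sib=None):
    """Hex string for a YARA rule: SIB wildcarded unless given, the immediate always wildcarded."""
    sib_part = f"{sib:02X}" if sib is not None else "??"
    return f"{{ 90 90 90 90 81 3C {sib_part} ?? ?? ?? ?? }}"


def encode(base, index, scale, imm):
    """Build the sample: four nops plus cmp dword ptr [base+index*scale], imm32 (assembler for the test data)."""
    sib = ({1: 0, 2: 1, 4: 2, 8: 3}[scale] << 6) | (REGS32.index(index) << 3) | REGS32.index(base)
    return b"\x90" * 4 + b"\x81\x3c" + bytes([sib]) + struct.pack("<I", imm)


# Constructed buffer for the example (not bytes from the sample): a little filler,
# three of the comparisons the report lists, and one nop run that must NOT match.
SAMPLE = (
    b"\x55\x8b\xec" + encode("ebx", "edi", 8, 0xCCC8066A)
    + b"\x33\xc0" + encode("ebx", "ecx", 8, 0xFB49C974)
    + b"\x90\x90\x90\x90\x8b\x44\x24\x04"   # 4x nop then mov eax, [esp+4]: not a cmp
    + encode("esi", "edx", 8, 0x9EDBE8FE) + b"\xc3"
)

if __name__ == "__main__":
    for h in find_nop_cmp(SAMPLE, image_base=0x400000):
        print(f"{h['cmp_offset']:08X} {h['text']}")
    print(yara_hex())
```

Run it over a section dumped from the unpacked image rather than the packed file on disk; the report's addresses (0040C461 and so on) are in the mapped process, and the pattern will not be visible in a packed or encrypted copy. The SIB byte encodings it uses (FB for [ebx+edi*8], CB for [ebx+ecx*8], D6 for [esi+edx*8]) follow directly from the x86 encoding rules and match the three operand forms the report lists.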
Source: Malware configuration extractor | URLs: boredimperissvieos.shop
Source: Malware configuration extractor | URLs: holicisticscrarws.shop
Source: Malware configuration extractor | URLs: sweetsquarediaslw.shop
Source: Malware configuration extractor | URLs: plaintediousidowsko.shop
Source: Malware configuration extractor | URLs: miniaturefinerninewjs.shop
Source: Malware configuration extractor | URLs: zippyfinickysofwps.shop
Source: Malware configuration extractor | URLs: obsceneclassyjuwks.shop
Source: Malware configuration extractor | URLs: acceptabledcooeprs.shop
Source: Malware configuration extractor | URLs: pearcyworkeronej.shop
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_00401CAA GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject, | 0_2_00401CAA
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003D80A0 | 0_2_003D80A0
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_00407090 | 0_2_00407090
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003F213D | 0_2_003F213D
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003F112E | 0_2_003F112E
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003D4160 | 0_2_003D4160
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_0040F190 | 0_2_0040F190
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003D3360 | 0_2_003D3360
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003ED35E | 0_2_003ED35E
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003E0390 | 0_2_003E0390
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003D6480 | 0_2_003D6480
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_0040F500 | 0_2_0040F500
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003D5720 | 0_2_003D5720
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003D17B0 | 0_2_003D17B0
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003FC85E | 0_2_003FC85E
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003F2840 | 0_2_003F2840
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003F18A0 | 0_2_003F18A0
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003F8AC0 | 0_2_003F8AC0
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003D4B30 | 0_2_003D4B30
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003F5B50 | 0_2_003F5B50
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_003D2D10 | 0_2_003D2D10
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_0040EE70 | 0_2_0040EE70
Source: C:\Users\user\Desktop\payload.exe | Code function: 0_2_00409E10 | 0_2_00409E10
Source: C:\Users\user\Desktop\payload.exe | Code function: String function: 003D8AF0 appears 52 times
Source: C:\Users\user\Desktop\payload.exe | Code function: String function: 003E0520 appears 194 times
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: boredimperissvieos.shop
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: holicisticscrarws.shop
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: sweetsquarediaslw.shop
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: plaintediousidowsko.shop
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: miniaturefinerninewjs.shop
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: zippyfinickysofwps.shop
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: obsceneclassyjuwks.shop
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: acceptabledcooeprs.shop
Source: payload.exe, 00000000.00000002.2882443595.0000000000410000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: pearcyworkeronej.shop