Payload Details
| First Seen | 2025-01-20 (Login for timestamps) |
|---|---|
| Last Seen | 2025-01-26 |
| SHA256 | b18cebbbfea253c5be93a66f96352e0de18fe51c9b13d340d2b483ccf36d3953 |
| Filetype | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 4 sections |
| Size | 369,472 bytes |
| Signing Attributes |
The certificate chain validates successfully to a trusted anchor.Chain ValidThe certificate was issued by a separate CA, not by itself.Not Self-SignedThe certificate is not reported as revoked by the revocation checks that were performed.Not RevokedThe chain terminates in a certificate present in a trusted root store.Trusted Root |
| Authenticode | ✗ (BAD_DIGEST|BAD_SIGNATURE) |
| Distributed By | Amadey (Login) |
| Countries |  Login for country information |
| UnpacMe ID | 528726c6-0fbe-48d4-af2c-5122d0b44b95 |
| UnpacMe Detections | TYPE:INFOSTEALERMALWARE:Lumma StealerRULE:LummaStealer |
| Sandbox DetectionsYara and Suricata matches | Unknown |
| Malcat Kesakode | Unknown |
| Download |
Signature Information
Certificate
| Thumbprint (SHA256) | 22a3c23e08c7dbb4e7f4591e58c04285c0514c2894e3c418ad157d817d7edf3c |
|---|---|
| Thumbprint (SHA1) | e8c15b4c98ad91e051ee5af5f524a8729050b2a2 |
| Serial Number | 33000003de8d56825af1a4a9670000000003de |
| Subject | |
| Issuer | |
| Not Before | 2020-12-15 21:24:20 |
| Not After | 2021-12-02 21:24:20 |
Monitored Sandbox Execution
Login required
Non-Monitored Sandbox Execution
Login required
Tasks of Origin (8)
First Seen (UTC)  |
Last Seen (UTC) |
Family | Botnet | Exit | Task Data | View |
|---|---|---|---|---|---|---|
| 2025-01-14 | 2025-01-28 | amadey | Login | | ||
| 2025-01-14 | 2025-01-28 | amadey | Login | | ||
| 2025-01-14 | 2025-01-28 | amadey | Login | | ||
| 2025-01-14 | 2025-01-28 | amadey | Login | | ||
| 2025-01-14 | 2025-01-28 | amadey | Login | | ||
| 2025-01-14 | 2025-01-28 | amadey | Login | | ||
| 2025-01-14 | 2025-01-28 | amadey | Login | | ||
| 2025-01-14 | 2025-01-28 | amadey | Login | |