lamp.exe

First submission 2024-09-03 16:12:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1744.5 KB (1786368 bytes)
Compile time: 2024-08-23 15:14:53
MD5: 68542ccb1dbce6ed08f452a53d9d08c0
SHA1: edb30c1007a946c76ae51acf3b45918ede16c3e4
SHA256: 8e84c53178f9724d608c00a624e3efa68492d9269949a98eda8d5687c9c5cb36
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Sections: 7 (.rsrc, .idata, wwlaweht, lqgyjmwp, .taggant)
Directories: 2 (import, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 37/79
VT report date: 2024-09-03 15:58:24
Malware Type: 1 (trojan)
Threat Type: 2 (pwsx, stealc)

URLs, FQDN and IP indicators: 1

URL Host (FQDN/IP) Date Added
hXXp://31.41.244.9/nokia/lamp.exe 31.41.244.9 2024-09-03 16:12:02

PE Sections: 6 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
(unnamed) 0x1000 0x23d000 80896 d99a7217cebbfd60f5f164fb7abe25642abd4b41 d06d8b33a09c1c7892af96ece73ede73
.rsrc 0x23e000 0x1000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x23f000 0x1000 512 5ddb4f9813a4bab7ce7ecfde3d29073258d2c2b4 380655991303f284fcb90ef8e49522a1
(unnamed) 0x240000 0x2a0000 512 0b29422664a1aa9cd12c211b408d98dc95b22325 787b51443cfa985a60136bf51bc9d243
wwlaweht 0x4e0000 0x19d000 1690624 0b542e16021af62c199f106e257003434f3cd611 9bd210e22e7cb893b4fe9895840a6629
lqgyjmwp 0x67d000 0x1000 1024 9087d044038b37da02d9572245a2e80ae3007551 b8be4eef32424aacba0a7a80f208c3ac
.taggant 0x67e000 0x3000 8704 3e044288d8d3c9cb158241e2066d7020c91d0c94 98186dd0a1ce935534798281523085d4

Strings analysis - File found

Library
MSVCRT.dll
KERNEL32.dll

Import functions
