lumma | ba83b8bb4234d477f5bcb33a26ce1fca131b721ae2fc61834cc2c63ebf8fc412

Sharing

Copy URL

Twitter E-mail

General

Target

Filmora9.zip
Size

635.5MB
Sample

230313-2b8b9acc84
MD5

8831fe1782304b6129e68e705dc8e034
SHA1

f22c5d4820505be9b62b16df32fd073ed68000a7
SHA256

ba83b8bb4234d477f5bcb33a26ce1fca131b721ae2fc61834cc2c63ebf8fc412
SHA512

363494d39ca534c1521c29d4b3cfcce15682e0a02b52a2e259865375784678ec16abb164bef9c7f61868581e04f24f012cfb2fe30f8c4817462b454573baf643
SSDEEP

3145728:JKbMAXJR+579zSbQzuB3d00IKSzuSUM8RcPkVqTsl6WMmPpB/A:JYwZ9WQzANIrcNRbzl6WN4

Score

10^/10

Malware Config

Targets

- Target
  
  Filmora9.zip
- Size
  
  635.5MB
- MD5
  
  8831fe1782304b6129e68e705dc8e034
- SHA1
  
  f22c5d4820505be9b62b16df32fd073ed68000a7
- SHA256
  
  ba83b8bb4234d477f5bcb33a26ce1fca131b721ae2fc61834cc2c63ebf8fc412
- SHA512
  
  363494d39ca534c1521c29d4b3cfcce15682e0a02b52a2e259865375784678ec16abb164bef9c7f61868581e04f24f012cfb2fe30f8c4817462b454573baf643
- SSDEEP
  
  3145728:JKbMAXJR+579zSbQzuB3d00IKSzuSUM8RcPkVqTsl6WMmPpB/A:JYwZ9WQzANIrcNRbzl6WN4
Score

1^/10
behavioral1 behavioral2
- Target
  
  Filmora9/Effect/Merge/LinearLight.jpg
- Size
  
  536KB
- MD5
  
  66748de6d302445638050eb138365514
- SHA1
  
  3d76358649269f039d99c71975b6e00f1beaefe5
- SHA256
  
  7b0e959b30942bdb8192481ebd0f6f14acaa31ee867cb26bede064a02c2015bb
- SHA512
  
  b8e5eaf7380bbf827e47adcac2a7d149b542b059cedeed0ceacba938eac9d5b2b1449a35d2f60ae7e6dba1e8b56c9c66fd7748cd7455d8a2087c8da9091b7e16
- SSDEEP
  
  12288:lNo50a7fI+78n250TPaZ2DKXbXo72wM+IyPSrxwyapZUdeQYjk/:le50a57HZ2Di47TM+IsSrxWZUdeLje
Score

3^/10
behavioral3 behavioral4
- Target
  
  Filmora9/Effect/opencl/Merge/Woven16_9.png
- Size
  
  394KB
- MD5
  
  efb8d2b0813da86b75d25d98be6c0d74
- SHA1
  
  5cb512f86c220a884baa716ebd5cce3f1008d7ca
- SHA256
  
  74c68ef5a1808ae6f95df0af2c9dd0c0d6b5407e42434fded66817182d3d610d
- SHA512
  
  90111c276b3ad849a0986fc5bfc20219de493c452a8eb8d4950fa6246727e7d62e2def19d0f7f256aa2b3315ddcb500c81c2e90a1f9ebaf082d7ded367459358
- SSDEEP
  
  12288:BhYDhmPFColObX3I04snJ1H1PNqSPtjhe0mG/8h:BhYDhzbo01nJ1HHzPtjRmth
Score

3^/10
behavioral5 behavioral6
- Target
  
  Filmora9/Effect/opencl/Merge/Woven4_3.png
- Size
  
  310KB
- MD5
  
  55d8b6cecc6ebc80c42a94a14613c135
- SHA1
  
  08ef7f55666145d36f62d75643d27a5ab6b1b22d
- SHA256
  
  71a580d4bbb221221d0c9b00f1c95f78619603e6a5d0ba8a03a64ad21849358e
- SHA512
  
  196033a2479c9b946a3915974fb593199f6e1af6c9fcea2a61cf81e1b63f0038c49b73a3d1a195ef908588860cf725fddc99569a03604b3045df775df222d3d3
- SSDEEP
  
  6144:oPckcgN8FJX0AVpl872TDWrQb+ZTM+d59p2PrJIVcC9gjm:oPcXn0AVn871rQKZT9npErWVO6
Score

3^/10
behavioral7 behavioral8
- Target
  
  Filmora9/Filmora.exe
- Size
  
  143KB
- MD5
  
  2b5f1a573ecaeaa00157c594fb507995
- SHA1
  
  3b7a29cf0081d735741efcd9384b23de64e12338
- SHA256
  
  5ec69ddfad63216095655cfd621865c83641d559ba8c749e1c937e4561dcab7e
- SHA512
  
  988ddeb6cd9c1616963382bf75b06bee19931db03a18acb7050ffcd512146815c6eaa31f2f53ad319052e3569892b86bb9d29c3e65253e50b28e74ae74538b95
- SSDEEP
  
  1536:z9DsEqyI866rxALJTYI91KaU+zc2Xpp8eNptWGkUnTs2ZBpki0g16E9azjXCAAk9:ZFpIStG31Kn4zTPNkGEzjSIneTX02202
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  Filmora9/FilmoraHdpiConfig.exe
- Size
  
  490KB
- MD5
  
  f0ccfc0b85778d0effc6862a50371420
- SHA1
  
  24504af8a363b581c20f350702a5a43ab76b925c
- SHA256
  
  df7ab8ce93bd3cf5158c6b9e6c4411df3a6812cf7adc56f4c686b14e71160277
- SHA512
  
  ab4b109bbf25249a01315d85cfe0cba4311f5f5e7e370a79bae6c50c5e97f568197d8f25e42013f39e552a8f571cba8b5a027c852403bb56dd09477cf321f9ea
- SSDEEP
  
  6144:u9kIKHXAMk3j8sOW7wMi4M5oU1Vh5vVclGIMmATNrhDt7uzi1j0u27Gz:RIDM5oU1Vh5vVclGIMmA5VxqG1wu2W
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  Filmora9/MediaInfo.dll
- Size
  
  13KB
- MD5
  
  196d05fef372b53a5366e9293fb9a890
- SHA1
  
  bbee77eb3a08c49b8ea97c810b64e13953fef645
- SHA256
  
  8477298e2104fbb8b9e37db82c5f1038dc490300285434617337ebe9b6954605
- SHA512
  
  82845492209a406524eea3c5a2c67fde0f9c6db816cee68ca41dd35944d7e4a0ff03673fda3dd9478855b7288c68ed4d96b3f9ec676497489baf1562438dde2c
- SSDEEP
  
  384:bWyQSyLCDJjB3nHvPff/PZ5KhzZel6elZVqnZlc:RQtCDJlZ5salHq7
Score

3^/10
behavioral13 behavioral14
- Target
  
  Filmora9/MediaPlayerView.dll
- Size
  
  299KB
- MD5
  
  2dd2b00d628a72cf3ec620ad9208a257
- SHA1
  
  4f580a1d8d8aed6f0b08a29a6acecd29782d7630
- SHA256
  
  c4f266bfe670e50a05b7113172d8df82e584c2653228e6844a6551d1b42b6bf4
- SHA512
  
  80206475caf6127cefa6575a34859bf1412bf3b3170602556fe39f04652e5051397f92b6f42add6c772b11bcff02b81401c793167fd98bd5b6b8bbbd175af88b
- SSDEEP
  
  6144:3VSjjiQb1kscGu7d4plUlaig1fqL+7ss38gbbRKY4GJEmpf65k3MQ8POukoCxt:lLGu4Uax
Score

5^/10
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  Filmora9/MediaSlide.dll
- Size
  
  42KB
- MD5
  
  2ea8c53adcabaeda1ffd164a401057d1
- SHA1
  
  44e6c8d2e24e577a9fec25d84e9bf841b4f51978
- SHA256
  
  a3a1ad475f33c45c7f9c515c49b20a8641b4193288ef89ad72f0aa3cb3e06f37
- SHA512
  
  c9490adc823787892fbe658a42c0a904ee4bcfb9b9f78a48afaa6bc4d13f25b1cc8f1369d71ee79f60412a38ecf3d78e26973757e756bfe9cdde91311aae703b
- SSDEEP
  
  768:orYiv6dyq3diXnNJ3uRuvuTvB9rE7OfCw+533Q:oDIr3wrkKmjrE7OfCw+ZQ
Score

1^/10
behavioral17 behavioral18
- Target
  
  Filmora9/NLEAnimation.dll
- Size
  
  102KB
- MD5
  
  1e9ed12fc13523ff7b334832fbc4ec06
- SHA1
  
  485e0d042fc51f85c2aa72d558eb9baafb70ddd2
- SHA256
  
  e713cb76409e245c5a1d224df9fbe76d6e9cb9a2313affc16e4ea7bab041902e
- SHA512
  
  1cb0d18b7a2809a162d99994209a55dfae56346f55c0702e1f9d3f2ad081341f56cdf803a59926382031b06e621d21319c16dc21a5abcd223803cad061d5d229
- SSDEEP
  
  3072:ck7sTUsq/ZK1WSdAUY9Gima/Mg4Rimmf3V3CrGcWp1fKOD8l:ckQTG/ZJmmPVrcWp1fKOD8l
Score

1^/10
behavioral19 behavioral20
- Target
  
  Filmora9/NLEAudioStreamProcess.dll
- Size
  
  301KB
- MD5
  
  b68f5767e475185de4ed842d60b52a98
- SHA1
  
  7b849ca679e7abf8af0c0ba75f1fc66396fdac3a
- SHA256
  
  38fcbf41547d91014bfdd80db47071cdd0ece66a8927429c81ebbde8b9bb08b4
- SHA512
  
  ae537f551f7d00a22402811e12a73905a03d625fc6ba130eb706b560c81e2d2ce847c2bbb0e6dee61da800c595b84a72aca894fdb546f7d25a356a54025c3ab8
- SSDEEP
  
  6144:PqNT2SCzfTVqpExCs0UqRYJXzJaiDFnGEQOflxjWDM5n361cnB1fhuOH:yNyVFnGEQOf7sM5n36
Score

1^/10
behavioral21 behavioral22
- Target
  
  Filmora9/NLEAuthNUpload.dll
- Size
  
  34KB
- MD5
  
  86c146bdd788774a1eb8e154dd760afb
- SHA1
  
  26b045a1fd9751596296f2abb861d772518affc5
- SHA256
  
  bb91ec5e5473d52c921c56f3ff0fee71fda4913bd97c1b7a92c2890801307ecb
- SHA512
  
  83ba4ce2ce73a71f610f79cc3df44243b16fe89fbfbf8e6004ab5e4f9d220f8ffacc2a73caec082262c1a9e4951e3d1bd7b41b8b908b06910711bd1b3786b17e
- SSDEEP
  
  768:IzlHEeScnhBCAD011c0wGt0T2RtFnwdKkSUE/DToxaiSOAgRT0:IrFBphE/3oUiSOAgu
Score

3^/10
behavioral23 behavioral24
- Target
  
  Filmora9/NLEBackBench.dll
- Size
  
  29KB
- MD5
  
  74f44714e086050e45a7f0d9db30f572
- SHA1
  
  bc4f1a7ffd6d9c6554d7019ea991f8674f36e70d
- SHA256
  
  dde6d8ab37e708f927522858b2a4695f58590c38615d03daadf4969b2e6731a2
- SHA512
  
  16a2e942a504feff605bc54d9dcc3e674d3052470481a2cae34a88ffd7a257775ba2348df6ec9abfcbc3dc845af1b5adc32ab0831a934e3142b29f776ec3e40a
- SSDEEP
  
  384:zMDyVsGuHzKbKXvjN1hNXKrmUu9PoUJPMl90svqfLaCmB3ZQZq8ydencZ6eOAD+z:VsvjNX9PU0svqfL5qp4ydycFOAD+iWR
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral25 behavioral26
- Target
  
  Filmora9/NLEBackgroundCache.dll
- Size
  
  608KB
- MD5
  
  1222ef9055ca11b9da7dae4bb6b1877a
- SHA1
  
  55461273a92b8bf9ff42c23a891728951aa9d059
- SHA256
  
  8c929b28d0615fe315b37993b1e55541ceb55e90a1d945048223eafeccfcf76c
- SHA512
  
  e18e4a5879929dae735d408b9511c218d707bfc553ce3ec8b2072bfca0b84e6b4390a4e66e86153603c895429dd07117a5802b062de1aad2a928a782563ee009
- SSDEEP
  
  6144:pCmjGjaBIINgvgcw77ShGR4n5fvHhj8bw0PwFE/tR901/uo8nUf2Poy80h+hT+cj:keBLNgoL7yGR4n5n4HD/owURytl
Score

1^/10
behavioral27 behavioral28
- Target
  
  Filmora9/NLEBaseClass.dll
- Size
  
  353KB
- MD5
  
  d83d9825723cae1d4bd672f97a2532e5
- SHA1
  
  e09793b8ac03899c4056161bca037ca13c9fb192
- SHA256
  
  4a2b2b30748822420e0d957e49def64f4403be7360c101c09c7a67303444c473
- SHA512
  
  caf9e6b55445fa735918d83d88ac3757ed3fd4a84c56f5278d500ed80cf87f4b0ad97c17a1d5a78f79ffe66cd79ea20223a9602f8346f4e035d51f9d691e9c83
- SSDEEP
  
  6144:wLn/InY41fni5PiqjJdpi9CkcLuSFD2LPFc6J93+KpED0sYtQNXMDllMWc9y1fhV:wLQhfni7CcL+5sA1Jp
Score

1^/10
behavioral29 behavioral30
- Target
  
  Filmora9/NLEBitmap.dll
- Size
  
  39KB
- MD5
  
  29094e21755c9cae377729d1aaa78ce5
- SHA1
  
  9e0705a06117a428721b5a1003d5cdc8520773d8
- SHA256
  
  19127a92f3e14c6242c64cee925b8a827379d6f9a7e445425d1c452719886f89
- SHA512
  
  eb4f3eaf4bbe2fadf3a478deb273d8883b5ea1580d231ff22170e396a2acc72fda0cfe48c43d785eb843f7c457bd90ff6521f318c0d921612a44e34041240fe3
- SSDEEP
  
  768:2OO6H+Auwn7BNpBFSyxSSq9/ek5GS63/6Ye8iWZZkycdOA6gh:Pr+Auw7TfFVSSo5D63CyZbcdOA6g
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Registers COM server for autorun

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32