General

  • Target

    movie.hta

  • Size

    1.2MB

  • Sample

    231212-tdd77afgcq

  • MD5

    ca01b820c5bfe15b8c08afa16bab4af2

  • SHA1

    cd4d8fcddc97df53f7f921bccc9a9db1f0628e1e

  • SHA256

    f0d9ef8b557debe5d94338cc84c89bdc54dda938d1b24b8c01cca42f468b1387

  • SHA512

    b5ff34bd231655838c61b51f3673aec46552051ad9b88e5b4ee10d9ad1d7be1af0eabfe74fcd1339479f736750a2a871476a1e425bed98d29083bee70e5e8677

  • SSDEEP

    1536:+FCyaDi84Sy1mnh79gD1GardC+vbaKMelJePubQ+S/oleZzw7aGjXDgIm+lIWFP5:+g4FSych79aGaRvbaKAPubQ+S/olxu0
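The hashes above are the identifiers an analyst pivots on; before trusting a retrieved copy of movie.hta, recompute its digests and compare them field by field against the report. The following helper is an added example, not part of the original report: it computes the four stdlib-supported digests of a byte string or file and returns which of them agree with the report values (SSDEEP is omitted because it needs a third-party library). The sample input used in the usage call is constructed and is not the real file.

```python
import hashlib
from pathlib import Path

# Digests copied from the "General" section of the report.
REPORT_HASHES = {
    "md5": "ca01b820c5bfe15b8c08afa16bab4af2",
    "sha1": "cd4d8fcddc97df53f7f921bccc9a9db1f0628e1e",
    "sha256": "f0d9ef8b557debe5d94338cc84c89bdc54dda938d1b24b8c01cca42f468b1387",
    "sha512": (
        "b5ff34bd231655838c61b51f3673aec46552051ad9b88e5b4ee10d9ad1d7be1a"
        "f0eabfe74fcd1339479f736750a2a871476a1e425bed98d29083bee70e5e8677"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects at once (large samples stay cheap)."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests: dict, report: dict = REPORT_HASHES) -> dict:
    """Map each algorithm in the report to True/False depending on whether it matches.

    Comparison is case-insensitive because different tools emit upper or lower hex.
    """
    return {name: digests.get(name, "").lower() == expected.lower()
            for name, expected in report.items()}


def is_reported_sample(digests: dict, report: dict = REPORT_HASHES) -> bool:
    """True only when every digest listed in the report agrees."""
    return all(compare_to_report(digests, report).values())


if __name__ == "__main__":
    # Constructed stand-in for the sample; it will of course not match the report.
    fake_sample = b"<html><script language=vbscript>MsgBox 1</script></html>"
    result = compare_to_report(digest_bytes(fake_sample))
    print(result, "->", "REPORTED SAMPLE" if all(result.values()) else "different file")
```

Run `digest_file("movie.hta")` on a real retrieved copy and feed the result to `is_reported_sample`; a single disagreeing digest means you are not looking at the file this report describes.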

Malware Config

Targets

    • Target

      movie.hta

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • UAC bypass

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks