General

  • Target

    Launcher.rar

  • Size

    14.4MB

  • Sample

    240113-ckj9caagf4

  • MD5

    9b387034acd7e2b00c5de3386423a9d3

  • SHA1

    f70f51869a70bcdf565dd14a597d97a4d6ccb181

  • SHA256

    dc2c4316631554c86ce0f28331b29817887cf189eda5d720f996562f32519c12

  • SHA512

    529e504528bab4697a3b0f2516ca821a11676285d25e6ffcf013e753694d916bb6a821fe9c1e30ced384746dc35cee55baa561cfb60ee7a33f88be42e9fc3952

  • SSDEEP

    393216:vWOqmjmZSVn3FPaeYEzfeQRet+uwu+XOl04UCi:vWjEd3FPaeYETaLwEHi

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://goddirtybrilliancece.fun/api

Targets

    • Target

      Launcher.rar

    Score
    10/10
    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks