General

  • Target

    file.exe

  • Size

    4.8MB

  • Sample

    240125-t8sn3aahe6

  • MD5

    bb1b77d4280450ce1e7b4217aad3c769

  • SHA1

    36ac15b55b045694468434ebde0d748b65f3af01

  • SHA256

    73fe0327b943f9b6df757077c1ce09132dafc7a3b7a8b42f9ed4331cff6e8cf1

  • SHA512

    01bbe1f1f7a876f4e7f42351892f30155b88847a79863122b5909b16a8e116f203867c05b6d5ca224056f362a84757f32d00fb7b15c9be3f7dfddd895499f15b

  • SSDEEP

    98304:cgeNLXGxp/CRfrF8Jyd3D2v1o+/8/pG/1:cpl3D29o+/8xQ

Malware Config

Extracted

Family

lumma

C2

https://vesselspeedcrosswakew.site/api
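Before spending time on a copy of this sample, it is worth confirming that the file on disk is the one the report describes and turning the extracted C2 into the pieces that DNS, proxy and sinkhole searches each want. The helper below is an added example for this page, not part of the sandbox output or of Lumma's own code: the digests and C2 URL are copied from the report, while the function names (hash_bytes, verify_sample, c2_indicators) and the constructed test input are this example's own.

```python
"""Check a local file against the hashes reported for this sample and split the
extracted Lumma C2 URL into hunting indicators.

Added example for this report page (not sandbox or malware code). Digests and C2
URL are the report's; helper names and sample bytes are this example's.
"""
import hashlib
from urllib.parse import urlsplit

# IOC record as listed in the report's "General" section.
REPORTED = {
    "md5": "bb1b77d4280450ce1e7b4217aad3c769",
    "sha1": "36ac15b55b045694468434ebde0d748b65f3af01",
    "sha256": "73fe0327b943f9b6df757077c1ce09132dafc7a3b7a8b42f9ed4331cff6e8cf1",
    "sha512": "01bbe1f1f7a876f4e7f42351892f30155b88847a79863122b5909b16a8e116f2"
              "03867c05b6d5ca224056f362a84757f32d00fb7b15c9be3f7dfddd895499f15b",
}
# C2 URL from the extracted Lumma config above.
LUMMA_C2 = "https://vesselspeedcrosswakew.site/api"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like REPORTED."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def verify_sample(data: bytes, reported: dict = REPORTED) -> dict:
    """Compare every reported digest with the one computed from data.

    Returns {"match": bool, "mismatched": [algorithms that disagree], "computed": {...}}.
    A partial match (say MD5 agrees but SHA256 does not) means the IOC record is
    inconsistent or mis-transcribed, so the disagreeing algorithms are listed
    instead of the file being silently accepted on one digest.
    """
    computed = hash_bytes(data)
    mismatched = [a for a in reported if computed[a] != reported[a].lower()]
    return {"match": not mismatched, "mismatched": mismatched, "computed": computed}


def verify_file(path: str, reported: dict = REPORTED) -> dict:
    """Same check for a file on disk; the whole file is read since the report
    hashes the complete 4.8MB image, not a prefix."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), reported)


def c2_indicators(url: str) -> dict:
    """Split a C2 URL into the fields searched separately: DNS logs want the
    host, proxy logs want host plus path, registrar/TLD hunting wants the TLD."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {
        "scheme": parts.scheme,
        "host": host,
        "path": parts.path,
        "tld": host.rsplit(".", 1)[-1] if "." in host else "",
    }


if __name__ == "__main__":
    # Constructed input: a stand-in blob, so every digest should disagree with
    # the report and the check must say so rather than pass on any single hash.
    result = verify_sample(b"not the real sample")
    print("match:", result["match"], "mismatched:", result["mismatched"])
    print("C2 indicators:", c2_indicators(LUMMA_C2))
```

For a real copy, call verify_file("file.exe") and only proceed when "match" is True. The SSDEEP value in the report is a fuzzy hash, not a digest; comparing it needs the ssdeep bindings (not in the standard library), and a high similarity score there is useful for finding repacked relatives of this sample that the exact digests above will not catch.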

Targets

    • Target

      file.exe

    • Detect ZGRat V1

    • Kinsing

      Kinsing is a loader written in Go.

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Loads dropped DLL

      The sample loads a DLL that it wrote to disk during execution.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context from user mode is most often the final step of process hollowing or similar injection, where a suspended process's main thread is redirected to injected code.
