541c0e0a54824f4f33b72a291e7a17a6da2ec756950caa22a78de44d48acb2b6

Resubmissions

11/02/2024, 19:10

240211-xvlv5scf66 7

11/02/2024, 17:12

240211-vqvalshh8t 7

Sharing

Copy URL Twitter E-mail

General

Target

LometuBeta.exe
Size

59.7MB
Sample

240211-vqvalshh8t
MD5

6b5368f7cbdfe71d066d097a371888dc
SHA1

542c0fa78c77714587e9ef9fa23c6276099dca74
SHA256

541c0e0a54824f4f33b72a291e7a17a6da2ec756950caa22a78de44d48acb2b6
SHA512

4e941c95357e0b24c275913ac3dc23cd833b85daa97844f2b172d61ed0d1889bc3b7879990625a90ccffdcfcf0766c5314a15f31e1f0b6dbd0ce1a79d5438c06
SSDEEP

1572864:z5QJuPh2WHcGfukXKye5VQc0jEf+LTRSk:lmusWHcZtyaizkk

Score

7^/10

Malware Config

Targets

- Target
  
  LometuBeta.exe
- Size
  
  59.7MB
- MD5
  
  6b5368f7cbdfe71d066d097a371888dc
- SHA1
  
  542c0fa78c77714587e9ef9fa23c6276099dca74
- SHA256
  
  541c0e0a54824f4f33b72a291e7a17a6da2ec756950caa22a78de44d48acb2b6
- SHA512
  
  4e941c95357e0b24c275913ac3dc23cd833b85daa97844f2b172d61ed0d1889bc3b7879990625a90ccffdcfcf0766c5314a15f31e1f0b6dbd0ce1a79d5438c06
- SSDEEP
  
  1572864:z5QJuPh2WHcGfukXKye5VQc0jEf+LTRSk:lmusWHcZtyaizkk
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  59.4MB
- MD5
  
  d8a76f926fdb954e73dbfd26052e6979
- SHA1
  
  b3a7df32c779af17e18c69baa41abcad5709ee27
- SHA256
  
  3575750b5cefd49b3ee5e1d761468b29a0033727d6dd7d47c808f495eb1723ef
- SHA512
  
  286187b28be8fb813f9fe2e4e244c633da2fc2ba7a547d492da71bb7632722a82ad069c502e2d2b6e22c5488abec8e1fcf28b9a3dcb20d8a561bd286df9019d9
- SSDEEP
  
  786432:ravhXJURJuPhF/JBoFFIHOpZl7Cvd5uGRdIKXKxAe5VJGPJqkpY4lZIfZSLdp3on:G5QJuPh2WHcGfukXKye5VQc0jEf+LTRU
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  5.3MB
- MD5
  
  dfa12f4edccb902d7d3b07fae219f176
- SHA1
  
  c2073440a5add265b4143de05e6864fed2c3b840
- SHA256
  
  501f0b7ebf0be7ed8702d317332a0f8820af837c0a2a1d7645ba04352270e2b8
- SHA512
  
  eee3a8e0eeae139ddd9369d0869c29c91007bf6c5b0d7982918d5a013214a9e80b9233e7c1ccb43124152f684f0b782831b0a6b3d126558261dd161230004e50
- SSDEEP
  
  12288:FetnJnVncnJnknE9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX04nNWQFna:WbXZ5IoWSL9bcwVR8mf+/cHBBaRp1
Score

1^/10
behavioral11 behavioral12
- Target
  
  LometuBetax.exe
- Size
  
  139.9MB
- MD5
  
  ec75e78a0d86c9653aa95a49bc5b6a53
- SHA1
  
  1d3ae6aba8748cab4bc2b33f3777eba4a025c155
- SHA256
  
  10a36e7241a8ef76f98270745fc76979020741ef22601daa605cedb043c06b2b
- SHA512
  
  bd895e0218aed1b113db52fbee0df22c8a0b50758d3154d48384f14be58af175f14d47d63732e0773c59975e6b43894f67f80e0a0cad7f1d0cf96e2f77e404ca
- SSDEEP
  
  1572864:E2Cm7gJKfVjsPawuFHNwczWTeMkF7ZEk8bCkKbj:7aodJFek8+k
Score

7^/10

persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral13 behavioral14
- Target
  
  chrome_100_percent.pak
- Size
  
  145KB
- MD5
  
  237ca1be894f5e09fd1ccb934229c33b
- SHA1
  
  f0dfcf6db1481315054efb690df282ffe53e9fa1
- SHA256
  
  f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2
- SHA512
  
  1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca
- SSDEEP
  
  3072:GtsKzwI/bp2N3/nXCWZQCPxBVO2o418Gb0+VRLf0ld0GY3cQ3F2DExm/KLQ2I:GuKzwI/kNPyCtoK18Gb0OV8ld0GecQ3s
Score

3^/10
behavioral15 behavioral16
- Target
  
  chrome_200_percent.pak
- Size
  
  214KB
- MD5
  
  7059af03603f93898f66981feb737064
- SHA1
  
  668e41a728d2295a455e5e0f0a8d2fee1781c538
- SHA256
  
  04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6
- SHA512
  
  435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544
- SSDEEP
  
  6144:qDQYaRyd+9bNNPyCt9gx5GMRejnbdZnVE6Yopym74:vf53PV6edhVELo374
Score

3^/10
behavioral17 behavioral18
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
- SSDEEP
  
  49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score

1^/10
behavioral19
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  6b7a55ba33677da910b905b54477e208
- SHA1
  
  97dec80bff4749c95bfd1a4836cfbbbf59f85b9e
- SHA256
  
  4abbed23bb74732b021b31ea3881efeb94af14d00d98a8c795359acf8d72b3ec
- SHA512
  
  ce29287ddb792820725f113e128407bcf21703af5b4561078ab6a22330e902f24dcf30c8ebd1809148b984506f66702ff3fb4a3c68a6eff55b163c563b8fe46a
- SSDEEP
  
  49152:lNuUdrIoEWcbNxPT5Y2o0zMMv4fJLt6qZ/xV06oSbpgKolqzl:agulo0z49pgKR
Score

1^/10
behavioral20 behavioral21
- Target
  
  icudtl.dat
- Size
  
  9.8MB
- MD5
  
  d866d68e4a3eae8cdbfd5fc7a9967d20
- SHA1
  
  42a5033597e4be36ccfa16d19890049ba0e25a56
- SHA256
  
  c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d
- SHA512
  
  4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97
- SSDEEP
  
  196608:KWzwSv9AAQlCy4liXUxCGZHa93Whlw6Zi88EIb:KnKlQlz4liXUxCGZHa93Whlw6Zf8EIb
Score

3^/10
behavioral22 behavioral23
- Target
  
  libEGL.dll
- Size
  
  437KB
- MD5
  
  f9c78478b8d166faabc7e0fcb9d7058b
- SHA1
  
  f44f4038d5dd3741cb650036dcb2d0c0eb2f4e5a
- SHA256
  
  02206307397bb252efcdbe0792c85183fd04b225b1efa986d7636297fbef3205
- SHA512
  
  25aa385d2d51de282e9a1c53222633546acbddc4cb85bf3792434cbd88867ff0d0722aff94948a8b6a63c7a29c3e56f7a85e734351d39de5b723eae0e75ad7e1
- SSDEEP
  
  6144:OMgpxyZ5V8fTykwI08pCYixK53Ypm8I/yaNrm44InePe/FkUCd:O1pxy+TyRd80YYDIn4OQvU
Score

1^/10
behavioral24 behavioral25
- Target
  
  libGLESv2.dll
- Size
  
  6.7MB
- MD5
  
  c803659d06897fdead1048873590d8ec
- SHA1
  
  6ec313dce8672a7f8851da6a3a460e08237c3f6d
- SHA256
  
  d1cdb910bb1d7c59611eec613c1d12414dfc4b69013daeff6d9e0b9ac10f5f60
- SHA512
  
  013ed30b6fda93d058b7844a41f4849679d869c73976f04bcc4fd3bec043610c98726d12e288a40fa30d7834bcf8e25dc621eaf0cf36453b0c6ae4360c307fd1
- SSDEEP
  
  49152:+AJyCli8IIXp8bYyytKFnf6wmQBvYYjbPC9BUYu8P+qtQg+5Et5z25AoCAF/wOqb:39yytKFnfqu+1nNhhIoqKxOm/2dB6m
Score

1^/10
behavioral26 behavioral27
- Target
  
  locales/en-GB.pak
- Size
  
  113KB
- MD5
  
  75127302ac25474709f4d4d9d003d1fa
- SHA1
  
  dc3e4ff6240c6fa27d0ba2cf4e75efd05c4bd4ef
- SHA256
  
  c4874d32ae74029a6d9b244aa939200ba56acbf80e142f70a4b4fbdb61a36bac
- SHA512
  
  5ef0369b633f6bc4d75b660d772ec2ba69310ffd2068a734d9e2a8cf3a75c61e198dcdbc9ad32eeecf7aaa66d0eff03e1bfe3aa22e5ae438cad3002897ff2c0a
- SSDEEP
  
  3072:EMog06wRTmjQK6ruzBNgBAJX9bZij3ggl+1w:rKR9r+oh
Score

3^/10
behavioral28 behavioral29
- Target
  
  locales/en-US.pak
- Size
  
  114KB
- MD5
  
  88b9e849c0035cb100d031fa5e3fa0b4
- SHA1
  
  3576e0fa589e53ae36d2b75937bd3c5c0ab8dbfc
- SHA256
  
  25462802f57f52581d34d67df00f7a4d62cb5ee5ee0e5e853f48ad9caf04dd89
- SHA512
  
  99e8cf196cd9098adf74f569d06043809454860f8f3de9e942f3ce3c2faeeaa3d6bd0572503cb6c2a6b932aff9aa7e4542501731693ec6a015cc7282af388e8b
- SSDEEP
  
  3072:DtEP4VkHY9DS2harnCBNg2AJXZfHIF3ggl+S7wh:DqP4VkHzrVoXwh
Score

3^/10
behavioral30 behavioral31
- Target
  
  resources.pak
- Size
  
  4.9MB
- MD5
  
  ff31c1a39edc8202e052a41fb977a300
- SHA1
  
  f220ed82575e346c2fb086c0868c07318d57ef92
- SHA256
  
  965dcddcb984a231fb2356d6d7ff4e047c2d8fa527442fa64981ab5d254525c9
- SHA512
  
  3b3370dd630fd200969331ae7d9b7e005cfbc3aa41ad128274bdc7797de2eca89998787a90a96baecf25ffc64e2c764cb75051efbac57c679abfd17b47873cce
- SSDEEP
  
  98304:y6zh1Kt66I001Yk93pPHCYh1348CYCUrwr1ISgMRQK8nXCpGm5vEybt:/z/Kt669GHjhB48hCUkrGsyCV5vXbt
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Checks computer location settings

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32