General

  • Target

    !Files-PAsw0rds_9911 (extract.me).zip

  • Size

    3.5MB

  • Sample

    240224-fnq3vaah3t

  • MD5

    3b06cbd68f27cdb11ebea9ad11a9a2a0

  • SHA1

    f8241dc80a03c4a9c856941a82142dc3a810c3ea

  • SHA256

    c4faf8f2f5c7f7a19e62706a134cbf6eecc128327689be8623b26cfc43330e73

  • SHA512

    05c7364da07b336b75342e56985f6099fafbe413f8e773243a3e2ad6435f2fb423fe303149e23bab8d2c695c917ff690b88b8c951370dd915aa4365c70b959a5

  • SSDEEP

    98304:oR79v8ChBekwsWgDIKAqIyHEsdIp2ex6Zb3lUOV3:oZ9HdwsWgDAPEBZ13SW

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://controlopposedcallyo.shop/api

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      !Files-PAsw0rds_9911 (extract.me).zip

    • Size

      3.5MB

    • MD5

      3b06cbd68f27cdb11ebea9ad11a9a2a0

    • SHA1

      f8241dc80a03c4a9c856941a82142dc3a810c3ea

    • SHA256

      c4faf8f2f5c7f7a19e62706a134cbf6eecc128327689be8623b26cfc43330e73

    • SHA512

      05c7364da07b336b75342e56985f6099fafbe413f8e773243a3e2ad6435f2fb423fe303149e23bab8d2c695c917ff690b88b8c951370dd915aa4365c70b959a5

    • SSDEEP

      98304:oR79v8ChBekwsWgDIKAqIyHEsdIp2ex6Zb3lUOV3:oZ9HdwsWgDAPEBZ13SW

    Score
    1/10

    • Target

      Set-up.exe

    • Size

      3.3MB

    • MD5

      55076afc8f8de2df8f91fb2742bcda61

    • SHA1

      c848bb01e859163b08ce4f58994b3d814dfdf700

    • SHA256

      e3cb1b8edb969533e9299c4169b12df17a01d7516df943b486a785c986ceda30

    • SHA512

      70bf3d76b86b28aa4209a51469a4b2161c4253313849217b5e1267cb17f6279235b9ed18cd975aa48227401b48887f594b3be149531750638091afc51a425d26

    • SSDEEP

      98304:WNdaWWhvT90MSGmHUkC+UH9txcv0HGM62OQy:WNdaWWhvZ0MhmHUkxUH9tx1HA

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      equilibrator.tar

    • Size

      84KB

    • MD5

      f07f53569c594f04b5b15ca6dbe4b455

    • SHA1

      0cc33a3154349fad167f56f24d768177291383e2

    • SHA256

      6a052820e39dc91e9fbbd96f8b5b2180d63266bf156dd3d2dd94af98294c715a

    • SHA512

      75ff71afc83d2b499bcea82034691d1d9707c6a525e8ed24f7469934b7a1fbd607cc8e0a36dc1ebe58c97706dbc8cf7052a4aee49858caa5b18c04cb9486e2bf

    • SSDEEP

      1536:YOEJtqeRbVRiDosnyCK0d0VeBW1HbFvXtyK6ljrc1caC:LEJtqelSDDnfK0qVTtbRUK6ljI6

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      floe.txt

    • Size

      1.3MB

    • MD5

      a527554df554b54a7c8e88b866c15e6c

    • SHA1

      096d51d94c12138959c1136e123f1f1d7ee3d3f5

    • SHA256

      0da8d93d2749623af35e846fe4af025bf1aba1efddfe4f29d946f880eb3248ac

    • SHA512

      5a9661810e5f8b17a20c389f17c89ce965773eb30a783e6472354f0a0a8d41df7f59ba2e179cdeb4eca210b7e1bfe704bb820bb8e01df79bd400be31c3132be5

    • SSDEEP

      24576:jPGd/Rk+3lKeGwhBksecn3bhgNFn3xGaSk7QGMpFL5lVK2dTCmV:zG3VfGw4LcndgXUavwpFL5FTtV

    Score
    1/10

    • Target

      libX11-6.dll

    • Size

      1.2MB

    • MD5

      3cd9af46753f2a618d15157372d0d2bc

    • SHA1

      f2a1781b1a6d33338db4d9725b28f15d8a410903

    • SHA256

      497471497886f18ca16f7facab7d76dc9bfadd69deb9c6e4ea9bdc0869a15628

    • SHA512

      925097106554f6eac698ba933e32fb82c1405c7ccfe284b27f1558e9ab46139506b1e981721aeafaf2e0d595dbdfce3587c4056c6920fdffb0b2f2bdbdcdb38d

    • SSDEEP

      24576:uA7S97BMxq0REUm75horlhVwwf7JtdVrd:ud9VMxq0REUm7IrlhVd7d

    Score
    3/10

    • Target

      libXau-6.dll

    • Size

      20KB

    • MD5

      b6f0655bed934503621fcf94ba449a19

    • SHA1

      f0a5d9eefff5f3bcd2e23b9db748c50cffc1c6e8

    • SHA256

      0da1f856d92d6b95f10ed8c3f629cd15468c906de9352fb4ae629139d1412eed

    • SHA512

      77a10ae1748e5d76288c59933f3f41d4dc7a690b1f2bc9bff0b761f9f2c5331f868dc0259ffe4c4672e1806c33f3f9d0fe0a8b09b10e06333d2590f623c5b284

    • SSDEEP

      192:vdBaTJcGAV5S55Nv8ekSoifItD33VBBmBJI3b5Ud5kbQbDTHlNspsorvgAFa2jf7:lBwcGAV5S55ZkBpTVTuI3dUd5GFoCJg+

    Score
    1/10

    • Target

      libXdmcp-6.dll

    • Size

      28KB

    • MD5

      7d4f4d3bc6ab6c3ea2097a7ecd018728

    • SHA1

      2434fbad089ac85eda43c0b0e911ab437b4dfe63

    • SHA256

      7705851ba047a8154402aca92621b60be0e0e9d9b52b19bf8be540305bd53dba

    • SHA512

      f9b64cbcd7c7c7b4e942c3da74fb280762d038f974fc23d1e0431b15787aefc87464cda121aa8fccf499af46e345dd65aa5fb5cfee1cb45dba6e5dd79b01a1d8

    • SSDEEP

      384:sEZJxxKcB6SOd08J0DBljbG4H80iIOitbr0iIOi1Nk6qTdOoTcFbf3IU2xRov+h2:sEYWnJH80Qi0Q+ZOcFDR27e

    Score
    3/10

    • Target

      libdl.dll

    • Size

      17KB

    • MD5

      ed925bdab51f49813686b62eb82fb4a4

    • SHA1

      bc7c742b92a5b47089e0b400a8a80bb217e775fe

    • SHA256

      e1646c7778c24407a17881908037a49ecfcb5a980d155212d544302653a3ef62

    • SHA512

      5be99a6b0e2091fe37ff50d5a9c4fa789db27b5ba108801e4d18e99ae584ae1bc91ba3339916dff8a323155815e660f43ca54ffcc7c14c1e3f90600aedb54bd8

    • SSDEEP

      192:9oqX4Maf/9pG1cBQS6YEn8+K8fZkkLGM2u5YiXNDTPsd9/9ZidfuOiSLU8:9XX4My/9pG1cBQS6nb6kqu28wOY8

    Score
    3/10

    • Target

      libgcc_s_dw2-1.dll

    • Size

      114KB

    • MD5

      d35376c0d447108b2f9d64d4c40014f8

    • SHA1

      c68129e8bf6cdaaa318c5aad8974efbc2b7ce39a

    • SHA256

      c7544e1f9927afdf6e8cd7063020b572e60fe8f00af39227eb831d331df38225

    • SHA512

      c46af0bbd3bca6e12125750a5b1ca4f17f85f84729b1c1c01ee76de3704bcdb090212202cf449458833f8ee92e9a46c8758cbd069747de534e2984dccbe9f24d

    • SSDEEP

      1536:YkTNSPvyLV9dUT+PspQ+2Q4p2VtjByBzEgezt2f38hD99/E3oiHjyYIx7s:YZilU6PspQ+2zsBy2q8hD83oiHjyYA7s

    Score
    3/10

    • Target

      libwinpthread-1.dll

    • Size

      96KB

    • MD5

      e40b7acdd7654c071b0f2c17eb91fddd

    • SHA1

      6f7f65cacb44a378169cb9066099dccf96f51426

    • SHA256

      b53329b607a4af6d59ce94c2ef79abad5bea6ff7045f53af721f5ca09e6f5840

    • SHA512

      dcdddf8601e733947e76c6c5dca0cd7ffd2eb373ef771e43d411da3ee6d3da40f0a8f34e7599a3b7a6399fb4ee26d501d86acb08b889acc07e95a9a1d6b17a4e

    • SSDEEP

      1536:BIW87l4cRxoT1nJesB6fyIer2UWrSvTEfqRkbORhW4iI4im3Yco+:Be79xUnJJFmATEYkbSiI4im3Yco+

    Score
    3/10

    • Target

      libxcb-1.dll

    • Size

      132KB

    • MD5

      a4212be49e5ce8f3bf3950ca32c4bf14

    • SHA1

      53f8e986e5fa3844eb73f063ed01772b53bc2504

    • SHA256

      394d2d862f2ddce71f28d9b933b21a7d6c621c80ef28652574f758f77f01f716

    • SHA512

      74520d3b3749d2b61e8a970c1fb29c588f98ce477eac4ced8837420153a6e739303aca15ed7d1e070125afa7f3ee32e452815ef1af135f8ed39ef2fce9d333ab

    • SSDEEP

      3072:aIGpdymum+ToZU+DXGzm7YVB7h0We49UP9PXrW:9mTj++zGzmcVB7h0h49UP9/rW

    Score
    3/10

    • Target

      libxcb-image-0.dll

    • Size

      25KB

    • MD5

      a3718d24f0e6eae9d6121a1219381ae9

    • SHA1

      a3377f64d8fb6162f6280d3d924626c1fc6a2fe7

    • SHA256

      cb220267fb0116b298bab6a09a764420d630c52026f7d750f8ffca4818389327

    • SHA512

      43f9c760be222490d43cbd9589b4afbc64759919993a1957a13a753cfcc9d94059dba0b5400a745c377c7bea1f02f4f8f6f952bee5b7ed33f6a49efaec62e9f6

    • SSDEEP

      384:MQg1oL5xGT8So2/8iC6KcIId6dTGtDVHJsH9I8qxeHt6Lboi7:1g4i8i5EdTUpGdrBMLV

    Score
    3/10

    • Target

      libxcb-shm-0.dll

    • Size

      19KB

    • MD5

      557ed85a1d8a3308e552a77a9902e8cf

    • SHA1

      a9acf7a1db500a734e95038b29c0bd90f7af59e7

    • SHA256

      e102c9c5b22ceb60dc516ab4124bea8ec8e808b08eec48ea7ac674d13fca82ef

    • SHA512

      110acfc0b886a1ff77b5452e2f813213630ba2eb4610e06942a59da78e516e05893b049c0d1ddcc077ebabb3a9490cf84fb41f31b62822c9365b60a1b38fd4b8

    • SSDEEP

      192:w/gaEEPQOv7AV2SbsZ/oBtUoBx1tFnMDRlqbE9ubTtEHL+zJjIOaDTTsGzXKMy73:MgIv7AV2SbsoBCoBntUSd7z0y74Yd97

    Score
    3/10

    • Target

      libxcb-util-1.dll

    • Size

      23KB

    • MD5

      ee6788d3d3750421e01519a27f86634e

    • SHA1

      48f4c7dc7bd1208f07e4176e78f035d36682d687

    • SHA256

      b5acf358ff97127eac9ef4c664a980b937376b5295ef23d77ee338225de10d60

    • SHA512

      12ef0ac4cf9c8461044317e693bcfabdb4beb34a222b635ba50f6652b5a91b92ff20cb19e916ac60dca3e8314b7d8cec710a1c730374bb8f260b8d94f57c9775

    • SSDEEP

      384:FlSwg+49czS++g6Od6e4um1J47E6Lx7Ow7qOocOS1:FlWgPdX66wwQJk

    Score
    3/10

    • Target

      zlib1.dll

    • Size

      90KB

    • MD5

      7e507af32ca219d2f832cf8d90ca805b

    • SHA1

      4eb56c6f4184efc5a6bb5c7cab46547cfa769744

    • SHA256

      3668c6749db59a6cbc5293d0a4f904f76d6fb5048704449dd53894916f408a57

    • SHA512

      d19c6a0a0798db42490631aa9e30da4200e0b687250daa5ec8bcfe68ae2589a523adeacb6c77544488ddc7610fa84be7477a92c2a27605537a0caec2449c87f1

    • SSDEEP

      1536:pQrGMvscpi5FEexSwqJFQjF2P5kzfWan9USUnToIfAIO6IOq89CVxX:pahexSwqJFQjF2wUrTBf2Iq6AxX

    Score
    3/10
