General

  • Target

    !Files-PAsw0rds__7711.zip

  • Size

    2.9MB

  • Sample

    240224-xlnclsbe86

  • MD5

    4469abb19339223c6857a0ea03aa23c5

  • SHA1

    78a4fe56e6f5ee15a9b07f84250ea0465e438d1e

  • SHA256

    3b1e84e9452c52f4448e38eed17b5c280b5fe4ec69b631e712ff65e60e26c3f1

  • SHA512

    12613646cc4135d6dc0c7e48ae8fda43de17afa526e70cc5a61f3b682c7bc6fd648e5bb999838bf5af67d2757aadba51dac1c0e58d7e4d8a55a8016c2be3e9ea

  • SSDEEP

    49152:pB60P4KsTbm/i7rpVKxWZTt6BsaukTfmj5bZPNXAjgV0XgtJhFgaRJ9wVNbJT7+M:3R4R3touT4sATfmxnwMnhaiXwVZJ3mCT

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Targets

    • Target

      Set-up.exe

    • Size

      3.3MB

    • MD5

      55076afc8f8de2df8f91fb2742bcda61

    • SHA1

      c848bb01e859163b08ce4f58994b3d814dfdf700

    • SHA256

      e3cb1b8edb969533e9299c4169b12df17a01d7516df943b486a785c986ceda30

    • SHA512

      70bf3d76b86b28aa4209a51469a4b2161c4253313849217b5e1267cb17f6279235b9ed18cd975aa48227401b48887f594b3be149531750638091afc51a425d26

    • SSDEEP

      98304:WNdaWWhvT90MSGmHUkC+UH9txcv0HGM62OQy:WNdaWWhvZ0MhmHUkxUH9tx1HA

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      equilibrator.tar

    • Size

      84KB

    • MD5

      f07f53569c594f04b5b15ca6dbe4b455

    • SHA1

      0cc33a3154349fad167f56f24d768177291383e2

    • SHA256

      6a052820e39dc91e9fbbd96f8b5b2180d63266bf156dd3d2dd94af98294c715a

    • SHA512

      75ff71afc83d2b499bcea82034691d1d9707c6a525e8ed24f7469934b7a1fbd607cc8e0a36dc1ebe58c97706dbc8cf7052a4aee49858caa5b18c04cb9486e2bf

    • SSDEEP

      1536:YOEJtqeRbVRiDosnyCK0d0VeBW1HbFvXtyK6ljrc1caC:LEJtqelSDDnfK0qVTtbRUK6ljI6

    Score
    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Target

      floe.txt

    • Size

      1.3MB

    • MD5

      3e81b9e7ec91b765697b9ec13e8b7d5e

    • SHA1

      b58e0ed59a8f00afabf06bc9b437dd9f87fad5ea

    • SHA256

      3c004db3f2a28717b90aa93aceb54b4ae9cc58e2872097faea676b3831037426

    • SHA512

      e426e195483c1ffd813717a061f8272ee3dd07df961328be57387413b2900bfa1dba9dc537c5a272a0a81e1bfdbcac4de2a42f88bfdbae9e8d3a8688b33b8e43

    • SSDEEP

      24576:7Afv4ZdHfdZwMnCmbJYtyqsqXkDNcnvCV9wFL6TfYctIhoZaZZZwbATV:qgdHJCmxVqXDnucfct4Sa

    Score
    1/10

    • Target

      libX11-6.dll

    • Size

      1.2MB

    • MD5

      3cd9af46753f2a618d15157372d0d2bc

    • SHA1

      f2a1781b1a6d33338db4d9725b28f15d8a410903

    • SHA256

      497471497886f18ca16f7facab7d76dc9bfadd69deb9c6e4ea9bdc0869a15628

    • SHA512

      925097106554f6eac698ba933e32fb82c1405c7ccfe284b27f1558e9ab46139506b1e981721aeafaf2e0d595dbdfce3587c4056c6920fdffb0b2f2bdbdcdb38d

    • SSDEEP

      24576:uA7S97BMxq0REUm75horlhVwwf7JtdVrd:ud9VMxq0REUm7IrlhVd7d

    Score
    3/10

    • Target

      libXau-6.dll

    • Size

      20KB

    • MD5

      b6f0655bed934503621fcf94ba449a19

    • SHA1

      f0a5d9eefff5f3bcd2e23b9db748c50cffc1c6e8

    • SHA256

      0da1f856d92d6b95f10ed8c3f629cd15468c906de9352fb4ae629139d1412eed

    • SHA512

      77a10ae1748e5d76288c59933f3f41d4dc7a690b1f2bc9bff0b761f9f2c5331f868dc0259ffe4c4672e1806c33f3f9d0fe0a8b09b10e06333d2590f623c5b284

    • SSDEEP

      192:vdBaTJcGAV5S55Nv8ekSoifItD33VBBmBJI3b5Ud5kbQbDTHlNspsorvgAFa2jf7:lBwcGAV5S55ZkBpTVTuI3dUd5GFoCJg+

    Score
    3/10

    • Target

      libXdmcp-6.dll

    • Size

      28KB

    • MD5

      7d4f4d3bc6ab6c3ea2097a7ecd018728

    • SHA1

      2434fbad089ac85eda43c0b0e911ab437b4dfe63

    • SHA256

      7705851ba047a8154402aca92621b60be0e0e9d9b52b19bf8be540305bd53dba

    • SHA512

      f9b64cbcd7c7c7b4e942c3da74fb280762d038f974fc23d1e0431b15787aefc87464cda121aa8fccf499af46e345dd65aa5fb5cfee1cb45dba6e5dd79b01a1d8

    • SSDEEP

      384:sEZJxxKcB6SOd08J0DBljbG4H80iIOitbr0iIOi1Nk6qTdOoTcFbf3IU2xRov+h2:sEYWnJH80Qi0Q+ZOcFDR27e

    Score
    3/10

    • Target

      libdl.dll

    • Size

      17KB

    • MD5

      ed925bdab51f49813686b62eb82fb4a4

    • SHA1

      bc7c742b92a5b47089e0b400a8a80bb217e775fe

    • SHA256

      e1646c7778c24407a17881908037a49ecfcb5a980d155212d544302653a3ef62

    • SHA512

      5be99a6b0e2091fe37ff50d5a9c4fa789db27b5ba108801e4d18e99ae584ae1bc91ba3339916dff8a323155815e660f43ca54ffcc7c14c1e3f90600aedb54bd8

    • SSDEEP

      192:9oqX4Maf/9pG1cBQS6YEn8+K8fZkkLGM2u5YiXNDTPsd9/9ZidfuOiSLU8:9XX4My/9pG1cBQS6nb6kqu28wOY8

    Score
    3/10

    • Target

      libgcc_s_dw2-1.dll

    • Size

      114KB

    • MD5

      d35376c0d447108b2f9d64d4c40014f8

    • SHA1

      c68129e8bf6cdaaa318c5aad8974efbc2b7ce39a

    • SHA256

      c7544e1f9927afdf6e8cd7063020b572e60fe8f00af39227eb831d331df38225

    • SHA512

      c46af0bbd3bca6e12125750a5b1ca4f17f85f84729b1c1c01ee76de3704bcdb090212202cf449458833f8ee92e9a46c8758cbd069747de534e2984dccbe9f24d

    • SSDEEP

      1536:YkTNSPvyLV9dUT+PspQ+2Q4p2VtjByBzEgezt2f38hD99/E3oiHjyYIx7s:YZilU6PspQ+2zsBy2q8hD83oiHjyYA7s

    Score
    3/10

    • Target

      libwinpthread-1.dll

    • Size

      96KB

    • MD5

      e40b7acdd7654c071b0f2c17eb91fddd

    • SHA1

      6f7f65cacb44a378169cb9066099dccf96f51426

    • SHA256

      b53329b607a4af6d59ce94c2ef79abad5bea6ff7045f53af721f5ca09e6f5840

    • SHA512

      dcdddf8601e733947e76c6c5dca0cd7ffd2eb373ef771e43d411da3ee6d3da40f0a8f34e7599a3b7a6399fb4ee26d501d86acb08b889acc07e95a9a1d6b17a4e

    • SSDEEP

      1536:BIW87l4cRxoT1nJesB6fyIer2UWrSvTEfqRkbORhW4iI4im3Yco+:Be79xUnJJFmATEYkbSiI4im3Yco+

    Score
    3/10

    • Target

      libxcb-1.dll

    • Size

      132KB

    • MD5

      a4212be49e5ce8f3bf3950ca32c4bf14

    • SHA1

      53f8e986e5fa3844eb73f063ed01772b53bc2504

    • SHA256

      394d2d862f2ddce71f28d9b933b21a7d6c621c80ef28652574f758f77f01f716

    • SHA512

      74520d3b3749d2b61e8a970c1fb29c588f98ce477eac4ced8837420153a6e739303aca15ed7d1e070125afa7f3ee32e452815ef1af135f8ed39ef2fce9d333ab

    • SSDEEP

      3072:aIGpdymum+ToZU+DXGzm7YVB7h0We49UP9PXrW:9mTj++zGzmcVB7h0h49UP9/rW

    Score
    3/10

    • Target

      libxcb-image-0.dll

    • Size

      25KB

    • MD5

      a3718d24f0e6eae9d6121a1219381ae9

    • SHA1

      a3377f64d8fb6162f6280d3d924626c1fc6a2fe7

    • SHA256

      cb220267fb0116b298bab6a09a764420d630c52026f7d750f8ffca4818389327

    • SHA512

      43f9c760be222490d43cbd9589b4afbc64759919993a1957a13a753cfcc9d94059dba0b5400a745c377c7bea1f02f4f8f6f952bee5b7ed33f6a49efaec62e9f6

    • SSDEEP

      384:MQg1oL5xGT8So2/8iC6KcIId6dTGtDVHJsH9I8qxeHt6Lboi7:1g4i8i5EdTUpGdrBMLV

    Score
    3/10

    • Target

      libxcb-shm-0.dll

    • Size

      19KB

    • MD5

      557ed85a1d8a3308e552a77a9902e8cf

    • SHA1

      a9acf7a1db500a734e95038b29c0bd90f7af59e7

    • SHA256

      e102c9c5b22ceb60dc516ab4124bea8ec8e808b08eec48ea7ac674d13fca82ef

    • SHA512

      110acfc0b886a1ff77b5452e2f813213630ba2eb4610e06942a59da78e516e05893b049c0d1ddcc077ebabb3a9490cf84fb41f31b62822c9365b60a1b38fd4b8

    • SSDEEP

      192:w/gaEEPQOv7AV2SbsZ/oBtUoBx1tFnMDRlqbE9ubTtEHL+zJjIOaDTTsGzXKMy73:MgIv7AV2SbsoBCoBntUSd7z0y74Yd97

    Score
    3/10

    • Target

      libxcb-util-1.dll

    • Size

      23KB

    • MD5

      ee6788d3d3750421e01519a27f86634e

    • SHA1

      48f4c7dc7bd1208f07e4176e78f035d36682d687

    • SHA256

      b5acf358ff97127eac9ef4c664a980b937376b5295ef23d77ee338225de10d60

    • SHA512

      12ef0ac4cf9c8461044317e693bcfabdb4beb34a222b635ba50f6652b5a91b92ff20cb19e916ac60dca3e8314b7d8cec710a1c730374bb8f260b8d94f57c9775

    • SSDEEP

      384:FlSwg+49czS++g6Od6e4um1J47E6Lx7Ow7qOocOS1:FlWgPdX66wwQJk

    Score
    3/10

    • Target

      zlib1.dll

    • Size

      90KB

    • MD5

      7e507af32ca219d2f832cf8d90ca805b

    • SHA1

      4eb56c6f4184efc5a6bb5c7cab46547cfa769744

    • SHA256

      3668c6749db59a6cbc5293d0a4f904f76d6fb5048704449dd53894916f408a57

    • SHA512

      d19c6a0a0798db42490631aa9e30da4200e0b687250daa5ec8bcfe68ae2589a523adeacb6c77544488ddc7610fa84be7477a92c2a27605537a0caec2449c87f1

    • SSDEEP

      1536:pQrGMvscpi5FEexSwqJFQjF2P5kzfWan9USUnToIfAIO6IOq89CVxX:pahexSwqJFQjF2wUrTBf2Iq6AxX

    Score
    3/10
