General

  • Target

    refresh.ps1

  • Size

    8KB

  • Sample

    240229-qcq9ksaa3s

  • MD5

    3cdc99c2649d1d95fe7768ccfd4f1dd5

  • SHA1

    eea6b91e791cb1d2f0e019f0837dc4451b1b1b76

  • SHA256

    e89171288ff084cba8aad31ca72f05478d4c7048435d25847607dfbbcf136046

  • SHA512

    8b3314c8ac870bc542cf15f52ee92b0c2bdb079388aed623df2ab4f3fb5a396ab25a9959e49a10b8afae56d0553a40053e230aac2af6ed1f4b42be97b5f62dc6

  • SSDEEP

    48:0n6LdRX63C2Fa2iUz2WnESMBGOkdsPp33Wz1MecEZEej9Kh8shU3e:DLdRX63Q

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api
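The extracted config above is the part of this report that feeds straight into detection: the four C2 URLs are the indicators, and the hashes in the General section identify the dropper. The following is an added example (not part of the sandbox report or the Triage tooling) that turns them into a small hunt: it matches the C2 hosts against proxy log lines and checks arbitrary file bytes against the report's refresh.ps1 hashes. The proxy log format (`<ts> <src_ip> <method> <url> <status>`) and the log lines themselves are constructed for the example; the URLs and hashes are copied from the report.

```python
"""Hunt for this report's IOCs: Lumma C2 hosts in a proxy log, and the sample's hashes."""
import hashlib
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's Lumma config in the report.
LUMMA_C2_URLS = [
    "https://technologyenterdo.shop/api",
    "https://detectordiscusser.shop/api",
    "https://turkeyunlikelyofw.shop/api",
    "https://associationokeo.shop/api",
]

# Hashes of refresh.ps1 as listed in the report.
SAMPLE_HASHES = {
    "md5": "3cdc99c2649d1d95fe7768ccfd4f1dd5",
    "sha1": "eea6b91e791cb1d2f0e019f0837dc4451b1b1b76",
    "sha256": "e89171288ff084cba8aad31ca72f05478d4c7048435d25847607dfbbcf136046",
}

# Match on host, not on the "/api" path: the path is generic, the domains are the IOC.
C2_HOSTS = frozenset(urlparse(u).hostname for u in LUMMA_C2_URLS)


def c2_host_for(url: str) -> Optional[str]:
    """Return the matching C2 host if the URL's host is one of them (or a subdomain), else None."""
    host = urlparse(url).hostname  # urlparse lowercases the hostname, so mixed case still matches
    if not host:
        return None
    for c2 in C2_HOSTS:
        if host == c2 or host.endswith("." + c2):
            return c2
    return None


def scan_proxy_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Scan space-separated proxy lines '<ts> <src_ip> <method> <url> <status>' (an assumed
    format, constructed for this example) and return (src_ip, c2_host) hits in log order."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip blank or malformed lines rather than aborting the hunt
        src_ip, url = parts[1], parts[3]
        c2 = c2_host_for(url)
        if c2:
            hits.append((src_ip, c2))
    return hits


def hash_matches(data: bytes) -> dict:
    """Return, per algorithm, whether the given bytes hash to the report's refresh.ps1."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name: digests[name] == expected for name, expected in SAMPLE_HASHES.items()}


# Constructed sample log lines (not real traffic); the last entry uses a mixed-case host
# and a 404 status, which is still a contact attempt and therefore still a hit.
SAMPLE_LOG = """\
2024-02-29T10:15:01Z 10.0.0.5 GET https://www.example.com/ 200
2024-02-29T10:15:07Z 10.0.0.5 POST https://technologyenterdo.shop/api 200
2024-02-29T10:15:09Z 10.0.0.7 POST https://detectordiscusser.shop/api 200
2024-02-29T10:15:12Z 10.0.0.5 GET https://cdn.example.net/refresh.ps1 200
2024-02-29T10:16:03Z 10.0.0.9 POST https://Associationokeo.SHOP/api 404
""".splitlines()

if __name__ == "__main__":
    for src_ip, c2 in scan_proxy_log(SAMPLE_LOG):
        print(f"{src_ip} -> {c2}")
    print(hash_matches(b"not the sample"))
```

Treat the domain list as point-in-time indicators: Lumma configs rotate C2 domains, so a clean scan against these four hosts does not clear a host, and the file hashes only catch this exact refresh.ps1, not a re-obfuscated copy. The host match is deliberately done on the hostname rather than the full URL so that a different path or query string on the same C2 domain is still flagged.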

Targets

    • Target

      refresh.ps1

    Score
    10/10
    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks