General

  • Target

    freedom.v1.11.zip

  • Size

    829KB

  • Sample

    240313-v7zxesbb5z

  • MD5

    a7d697b99577a3ebdcac2e59002f67bd

  • SHA1

    9e0bcedab8be1d29803bb634da49c50e4b2f0b39

  • SHA256

    20609025c17c188b73fef9ef02e672440b96da91fafa994497d69d76ed017826

  • SHA512

    4f44a3563e29f2ef02419c8c7ca7cb7f75f4ed5a4c2a692e3c529b4c0640607a007e97f3b1a45b90736a6e53127115f059fa3f3625c307c2feadcd3d9057157f

  • SSDEEP

    12288:getQzYkySLrySF53a15Uf9hWEIksgHlhlz4AIwAF8FmIzi2C95N3yWBsxV5:Bt8YkyYi15UfHW7+Dswm8F2jNo3

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://wisemassiveharmonious.shop/api

https://colorfulequalugliess.shop/api

https://relevantvoicelesskw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      freedom.v1.11/freedom/freedom.dll

    • Size

      691KB

    • MD5

      e544b7a8004f6cf13684606525d7fc1e

    • SHA1

      15255a223dbbe7046b316c56fdbe3d2f34b29e09

    • SHA256

      997ade8148a97c18343f4f4f4ca4c952f1bbf4a7d42cf403f2c5472958a31569

    • SHA512

      fd182de95f42be84a1f02fd940b30182ec32a2ed3178e06ff06737b5ed3c80a8dd672c5e3eefcf9db991609d4026d0fc2410ba0d59a58bf93f9e34c1f0c18623

    • SSDEEP

      12288:P7zVYfwFhuLCpkH25/UNqIDNDSFJ7IRdwhSJr3dhUr:PnuYFgLwkH25/oLDBcIw6r3I

    Score
    3/10

    • Target

      freedom.v1.11/freedom/freedom_injector.exe

    • Size

      109KB

    • MD5

      7dcd9813e36dd6983b8082897a733f96

    • SHA1

      a024bd07bcd0047011d9da8a82d3d7d1d502f6f1

    • SHA256

      6f15c094aee9cb8e8f3ba3f412e40ebb5184fc2fa5ddca5450d1af0b7c8af960

    • SHA512

      9ae19a9a0edf24ff80d99ea7278cd4315e54043600979d7ae1f5ea06d3737dee233b48dd980d2a6a565362fb33075ebc8f10de100503833e3e625bd39ad06907

    • SSDEEP

      3072:sRiu3YcZCjLHLc9aCbQxh2oi9+kMy+Jct6dfhTEkPVYf/51/r:SnScaCkM9X9AkkSxr

    Score
    1/10

    • Target

      freedom.v1.11/freedom/prejit.dll

    • Size

      7KB

    • MD5

      970b932bcdc7288058b29defddb5d514

    • SHA1

      65caf560d7b41f0b89ade4499016f0bef84344f4

    • SHA256

      a69b09c0e63aad8979c57ba9620803c935a16d9b70f2983caba606eda2c0c601

    • SHA512

      c8b4bed6218ce35566745599d575067de0fe5afe6c5b449836152e26489f59af1b77d7655560555c231ffc8e24e2ce010933dd31c30a61062a449beba7e5e1ff

    • SSDEEP

      96:ktEeyU3TNAUwnneUrthBo25l5ilZicuV+0KCM4t04SBgyu0C2:ktEzmA9nndlojUv0Yw

    Score
    1/10

    • Target

      freedom.v1.11/spoofer.exe

    • Size

      451KB

    • MD5

      9b8580dda1d8a365381b4921392aaef5

    • SHA1

      fb730478dd40d95dd86cfc59bbae668f8139683c

    • SHA256

      a2b9fbbf50e309eca6543567b4c1b1b82bbfb6c344104445bc5b8d7c88ee0008

    • SHA512

      82cc7ef2408de93f4d5c293d6da00c83adea9ffbf3435a565697e8ea1e488f2a247facc7387123259839f5f1bc67cf15080d8881b40958f25ff160b5be6990f9

    • SSDEEP

      6144:i0n6v/63f938FCQzovvLx9Yg5fSLL32bTp9XT7tIRS3BMs2VCG:NlPV8FCQz6YCfLzHqyBMnVL

    Score
    10/10

    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state; legitimate software rarely calls it, while injectors use it to redirect a suspended thread into injected code (process hollowing and thread hijacking).
