General

  • Target

    16032024_0001_chooseadvancepro.zip

  • Size

    8.4MB

  • Sample

    240315-tgjxvace9s

  • MD5

    ebe44e26839403d514068242e284df70

  • SHA1

    84216fae394c4c61df865f15b27cdaa9e4c3f272

  • SHA256

    4a5f11e3a8ef02a8cecd221c14e789562c441df0fd9f91c7766ad3d25d03ec85

  • SHA512

    ae3dfc72aa8fc087bc8f3263487e1bcf7d7575d72139b5dd6ce96e75b85fa68277fc2cb29dc01ce65fe02035090bc699ac04fbfb3ef283a1ba7898c58f2d65ad

  • SSDEEP

    196608:50+fC+T+jdaP0aU/c83Y/TiBdb5RbkMtKy3wwNvxTOjnTjjuKY7a:50FjIPrU/cCyTS51k8LAnTXq7a

Malware Config

Extracted

Family

lumma

C2

https://colorfulequalugliess.shop/api

Targets

    • Target

      chooseadvancepro/chooseadvancepro.exe

    • Size

      8.4MB

    • MD5

      c619f9f5947e27fafad1cb1d62d17311

    • SHA1

      ac04371cd219632c08e0a4b60bad49a259dd4444

    • SHA256

      e200ee556b9cc7354becc3f397c4b8d0225c38ea8c9d17182e552cc0fe48056d

    • SHA512

      eaf023fdc896dd4b5267a137feb69fc649fe8a7b4e42fe22638c0d52a4a31e4c575cfae20f10bb9af9f3b4809db98cf2ce0724ed8c8047040eb8c2c961ea374e

    • SSDEEP

      196608:kgdA+F6/H8nOikJSs3uzhSHFnDnArEYtW8xq2/v1dstbTZjIKKv:k1/cnzkJSSuhiDWEojIbThYv

    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks