Overview

Analysis tabs (the number on each tab is that task's score):
- Static: 10
- RainwaySetup.exe, windows7-x64: 3
- RainwaySetup.exe, windows10-2004-x64: 7
- $TEMP/Feel...o.jnlp, windows7-x64: 10
- $TEMP/Feel...o.jnlp, windows10-2004-x64: 1
- $TEMP/Feel...R.jnlp, windows7-x64: 7
- $TEMP/Feel...R.jnlp, windows10-2004-x64: 1
- $TEMP/Feel...v.jnlp, windows7-x64: 1
- $TEMP/Feel...v.jnlp, windows10-2004-x64: 1
- $TEMP/Feel...N.jnlp, windows7-x64: 1
- $TEMP/Feel...N.jnlp, windows10-2004-x64: 1
- $TEMP/Feel...K.jnlp, windows7-x64: 1
- $TEMP/Feel...K.jnlp, windows10-2004-x64: 1
- $TEMP/Feel...W.jnlp, windows7-x64: 1
- $TEMP/Feel...W.jnlp, windows10-2004-x64: 1
- $TEMP/Feel...32.jar, windows7-x64: 1
- $TEMP/Feel...32.jar, windows10-2004-x64: 1
- $TEMP/Feel...ge.jar, windows7-x64: 7
- $TEMP/Feel...ge.jar, windows10-2004-x64: 1
- $TEMP/Feel...ta.jar, windows7-x64: 7
- $TEMP/Feel...ta.jar, windows10-2004-x64: 1
- $TEMP/Feel...ns.jar, windows7-x64: 7
- $TEMP/Feel...ns.jar, windows10-2004-x64: 1
- $TEMP/Feel...ss.jar, windows7-x64: 7
- $TEMP/Feel...ss.jar, windows10-2004-x64: 1
- $TEMP/Feel...rt.jar, windows7-x64: 7
- $TEMP/Feel...rt.jar, windows10-2004-x64: 1
- $TEMP/Feel...ta.jar, windows7-x64: 7
- $TEMP/Feel...ta.jar, windows10-2004-x64: 1
- $TEMP/Feel...rn.jar, windows7-x64: 7
- $TEMP/Feel...rn.jar, windows10-2004-x64: 1
- $TEMP/Feel...ec.jar, windows7-x64: 7
- $TEMP/Feel...ec.jar, windows10-2004-x64: 1
General
- Target: RainwaySetup.exe
- Size: 77.5MB
- Sample: 240319-12pgdsha44
- MD5: 119252b2492fe260ae6e86288f47681e
- SHA1: 86e99df45c60c14debedf2fe8aa5ae3c58fdcba8
- SHA256: 55626f87358dc713199e31869307ffcc9e38a08d7f204b5feb0181f17ea47519
- SHA512: bad80ea00dc0a198e0399b15ccc7f4d10c3bfe1fdd2d6f63a8281e4af9d7524a2556a5f467b033c659717b8821a8cb03194a362ab9ea7a08484126c63ffd160f
- SSDEEP: 1572864:j1rENW7sV/fd5W6hUQz6aNM02KbWuwxNtv8uXQK9JU+HZNpkSeqS5VexR:jpEesV/G6hUQzHPgxNtv8EJUavkSRR
Tasks (task id: sample, analysis resource)
- static1: static task
- behavioral1: RainwaySetup.exe, win7-20240221-en
- behavioral2: RainwaySetup.exe, win10v2004-20240226-en
- behavioral3: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_ko.jnlp, win7-20240221-en
- behavioral4: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_ko.jnlp, win10v2004-20240226-en
- behavioral5: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_pt_BR.jnlp, win7-20240221-en
- behavioral6: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_pt_BR.jnlp, win10v2004-20240226-en
- behavioral7: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_sv.jnlp, win7-20240221-en
- behavioral8: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_sv.jnlp, win10v2004-20240226-en
- behavioral9: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_CN.jnlp, win7-20240215-en
- behavioral10: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_CN.jnlp, win10v2004-20240319-en
- behavioral11: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_HK.jnlp, win7-20240221-en
- behavioral12: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_HK.jnlp, win10v2004-20240226-en
- behavioral13: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_TW.jnlp, win7-20240221-en
- behavioral14: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_TW.jnlp, win10v2004-20240226-en
- behavioral15: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/access-bridge-32.jar, win7-20240221-en
- behavioral16: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/access-bridge-32.jar, win10v2004-20240226-en
- behavioral17: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/access-bridge.jar, win7-20240221-en
- behavioral18: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/access-bridge.jar, win10v2004-20231215-en
- behavioral19: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/cldrdata.jar, win7-20240221-en
- behavioral20: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/cldrdata.jar, win10v2004-20231215-en
- behavioral21: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/dnsns.jar, win7-20240221-en
- behavioral22: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/dnsns.jar, win10v2004-20240226-en
- behavioral23: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/jaccess.jar, win7-20231129-en
- behavioral24: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/jaccess.jar, win10v2004-20240226-en
- behavioral25: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/jfxrt.jar, win7-20231129-en
- behavioral26: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/jfxrt.jar, win10v2004-20240226-en
- behavioral27: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/localedata.jar, win7-20240215-en
- behavioral28: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/localedata.jar, win10v2004-20240319-en
- behavioral29: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/nashorn.jar, win7-20240221-en
- behavioral30: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/nashorn.jar, win10v2004-20240226-en
- behavioral31: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/sunec.jar, win7-20240215-en
- behavioral32: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/sunec.jar, win10v2004-20240226-en
Malware Config
- Extracted family: lumma
- URL: https://colorfulequalugliess.shop/api
Targets

Target: RainwaySetup.exe
- Size: 77.5MB
- MD5: 119252b2492fe260ae6e86288f47681e
- SHA1: 86e99df45c60c14debedf2fe8aa5ae3c58fdcba8
- SHA256: 55626f87358dc713199e31869307ffcc9e38a08d7f204b5feb0181f17ea47519
- SHA512: bad80ea00dc0a198e0399b15ccc7f4d10c3bfe1fdd2d6f63a8281e4af9d7524a2556a5f467b033c659717b8821a8cb03194a362ab9ea7a08484126c63ffd160f
- SSDEEP: 1572864:j1rENW7sV/fd5W6hUQz6aNM02KbWuwxNtv8uXQK9JU+HZNpkSeqS5VexR:jpEesV/G6hUQzHPgxNtv8EJUavkSRR
- Score: 10/10
- Signatures:
  - PureLog Stealer payload
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_ko.properties
- Size: 5KB
- MD5: 64de22212ee92f29bca3aced72737254
- SHA1: c4dbc247043578ccf9cd8dab652d096703d5b26e
- SHA256: 292696c94d5fd0bf2ff4af9e4d363bfcbe888d2e65bd18a20cf71081fb1c9b0d
- SHA512: ca33c75b66d8b5316b1c3ed41a9a14dd8611a3bb9b26efdc7f468250696d515cf1e966831975c9abdc33e9a1c59167fe79ba547592d2a04997e1342433e7b628
- SSDEEP: 96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_pt_BR.properties
- Size: 3KB
- MD5: 4078691ab22c4f0664856be0c024a52f
- SHA1: 6247fc05de429f65dc4e1356c4715dc51f43b98f
- SHA256: 6869b27b12b99c9d169b3e018284be0f7631dbdf2ddd5f4ea5b1a458736fdfdf
- SHA512: bb02765f69e23c732c790eb994800c83bb8efe7ff8ce0bcdc475ec5a29cef5a33a5513ab1a7dc9f0f066b807a0980c41ec0037710873a32bd2952dbed79d24ca
- Score: 1/10
- Signatures: none listed
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_sv.properties
- Size: 3KB
- MD5: 81bbdea4dc9803a6eb78ce7d5ca018ed
- SHA1: 9aaf012276ad89ce7273cf5f0be4c95b72d906ab
- SHA256: 565b8ff1f31784378884d9d7468ffdfdda5b001acb5bb393a5006ac19be4e67a
- SHA512: 310017dd27c91c492188737494da04cab241d0bf4e91326afb4a3f98cbff78a6c0bbc14ec7e883597e9d506faa80ba4e9a25b5f46bfd2543850323061e829a84
- Score: 1/10
- Signatures: none listed
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_CN.properties
- Size: 4KB
- MD5: 823d1f655440c3912dd1f965a23363fc
- SHA1: 50b941a38b9c5f565f893e1e0824f7619f51185c
- SHA256: 86663ded105b77261c0556468a93bc8666a094b918299a61af0a8e30f42019c7
- SHA512: 1ebf989d2121cf05ffc912b9b228c4d4523763eb1a689ec74568d811c88dcf11032ffc8007bb24daf7d079b580662b77d94b4b8d71a2e891ef27979ff32cd727
- SSDEEP: 96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
- Score: 1/10
- Signatures: none listed
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_HK.properties
- Size: 3KB
- MD5: 4287d97616f708e0a258be0141504beb
- SHA1: 5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e
- SHA256: 479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7
- SHA512: f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd
- Score: 1/10
- Signatures: none listed
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_TW.properties
- Size: 3KB
- MD5: 4287d97616f708e0a258be0141504beb
- SHA1: 5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e
- SHA256: 479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7
- SHA512: f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd
- Score: 1/10
- Signatures: none listed
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/access-bridge-32.jar
- Size: 183KB
- MD5: 13794986ca59819f6af7bd70022d7f8f
- SHA1: 6c5609cd023eb001dc82f1e989d535cd7ad407ee
- SHA256: af555dd438214dcd68d55ebddcc0a05bf47def0efd9920e3955d11cc2623628e
- SHA512: 2e3c4e76fd911eff5f6983d6d7fbb0f998e5fb0bfe11921a83ac9f19bfb0c28b157354f1ac790094c354845025ab42f5a921fddf2a780497431f3912d7d3e518
- SSDEEP: 3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/access-bridge.jar
- Size: 183KB
- MD5: 82c16750374d5cca5fdaa9434baf8143
- SHA1: 9b49f07bfb6f4ae73eb9b2fadcae46e02e31f023
- SHA256: 1f0966ebd65544669395e9f490a3d397dcf122d5261566734bb422c68cfe64b8
- SHA512: 12a32fbe2a0a824ec33bd6d0a22066c0cb74d13eebc16622ffe420cd48b4eb5878c981384debe30285d6231b3224e5cd2380c22d8c18624e52e5c74b62221661
- SSDEEP: 3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/cldrdata.jar
- Size: 3.7MB
- MD5: ae86774d28f1c8270a9bcbd12a9a1865
- SHA1: 7806c70550f435c2c87d2d15e427e5a9f97774e4
- SHA256: 0402fbcb23d381dede4df4228f2d100d8693c5b3bab885ab5eb98bcc0a269786
- SHA512: 2ea1e0372a087915fffcca2defc817c37bd038b02824bfec1da4e881a4c908a93aeb37daa38840f75bceafd02ec09088fe648b0305da0407e93407eac770be63
- SSDEEP: 98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/dnsns.jar
- Size: 8KB
- MD5: 7fa7f97fa1cc0cc8acc37b9dae4464ae
- SHA1: c143646a6dbe2ebdb1fbf69c09793e7f07dbc1f5
- SHA256: 36820223c5b9a225dc3ff7c1c3930bdb112f1d9aab2bee954ff1a1c1828e2c54
- SHA512: ad9a0e358be7a765b4a554e6bbe35bdd61a52bcac9f21915d84c2a1929780150dfdcf0e43121d0e844082b1bb92873ed848acf9b38ff3c7d826e5d0f5d32c26c
- SSDEEP: 192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/jaccess.jar
- Size: 43KB
- MD5: 1a33ff1fdd789e655d5e2e99e9e719bd
- SHA1: ae88e6000ebd7f547e3c047fc81ae1f65016b819
- SHA256: a23a9a653a261c640703b42839137f8c4bf7650665e62dbdd7d538171bd72516
- SHA512: 0451393d805414d6633824f3d18b609f7495324fab56df4330e874a8995bd9e0da567d77db682d7fd1544cd7e6a3d10745c23db575035e391b02d6ee4c4362fd
- SSDEEP: 768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/jfxrt.jar
- Size: 17.3MB
- MD5: 042b3675517d6a637b95014523b1fd7d
- SHA1: 82161caf5f0a4112686e4889a9e207c7ba62a880
- SHA256: a570f20f8410f9b1b7e093957bf0ae53cae4731afaea624339aa2a897a635f22
- SHA512: 7672d0b50a92e854d3bd3724d01084cc10a90678b768e9a627baf761993e56a0c6c62c19155649fe9a8ceeabf845d86cbbb606554872ae789018a8b66e5a2b35
- SSDEEP: 49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/localedata.jar
- Size: 1.1MB
- MD5: 24857ad811ceda70bd0f087fd28b5b6e
- SHA1: 707305eb10b1464d40bdeabade77b80b984a621a
- SHA256: 321d646ad29a5b180ca98bb49e81c2c732523b7e5145a3c568766cec06b2b1cd
- SHA512: a10a340bdb2de2d0d14ed804f04313d1d4cbd64ef0513a9e54b7fa95ffb05f2123c9095a4b2bffa4ddf3adea9a67e978d26d115a8f5677ae1bd0ee67c416fa5a
- SSDEEP: 12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/nashorn.jar
- Size: 1.9MB
- MD5: f3e3e7769994c69dff6e35ef938443ca
- SHA1: 758f42c0a03121ad980dc98be82dcaf790679e79
- SHA256: cf0268ff39d19876bd42bf59e2ce93bb9aa57e5ee98c212bae0184bd87f2d35a
- SHA512: ab4801e8538b9b84124d2b8c36e64232f16da686c5fa565c5de2091c910806a850464f5ccc79c9320df6f8cb943633fc38fea63f9e0593a44e3541f15f126951
- SSDEEP: 49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA
- Score: 7/10
- Signatures:
  - Modifies file permissions
Target: $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/sunec.jar
- Size: 38KB
- MD5: a269905bbb9f7d02baa24a756e7b09d7
- SHA1: 82a0f9c5cbc2b79bdb6cfe80487691e232b26f9c
- SHA256: e2787698d746dc25c24d3be0fa751cea6267f68b4e972cfc3df4b4eac8046245
- SHA512: 496841cf49e2bf4eb146632f7d1f09efa8f38ae99b93081af4297a7d8412b444b9f066358f0c110d33fea6ae60458355271d8fdcd9854c02efb2023af5f661f6
- SSDEEP: 768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44
- Score: 7/10
- Signatures:
  - Modifies file permissions