General

  • Target

    RainwaySetup.exe

  • Size

    77.5MB

  • Sample

    240319-12pgdsha44

  • MD5

    119252b2492fe260ae6e86288f47681e

  • SHA1

    86e99df45c60c14debedf2fe8aa5ae3c58fdcba8

  • SHA256

    55626f87358dc713199e31869307ffcc9e38a08d7f204b5feb0181f17ea47519

  • SHA512

    bad80ea00dc0a198e0399b15ccc7f4d10c3bfe1fdd2d6f63a8281e4af9d7524a2556a5f467b033c659717b8821a8cb03194a362ab9ea7a08484126c63ffd160f

  • SSDEEP

    1572864:j1rENW7sV/fd5W6hUQz6aNM02KbWuwxNtv8uXQK9JU+HZNpkSeqS5VexR:jpEesV/G6hUQzHPgxNtv8EJUavkSRR

Malware Config

Extracted

Family

lumma

C2

https://colorfulequalugliess.shop/api

Targets

    • Target

      RainwaySetup.exe

    • Size

      77.5MB

    • MD5

      119252b2492fe260ae6e86288f47681e

    • SHA1

      86e99df45c60c14debedf2fe8aa5ae3c58fdcba8

    • SHA256

      55626f87358dc713199e31869307ffcc9e38a08d7f204b5feb0181f17ea47519

    • SHA512

      bad80ea00dc0a198e0399b15ccc7f4d10c3bfe1fdd2d6f63a8281e4af9d7524a2556a5f467b033c659717b8821a8cb03194a362ab9ea7a08484126c63ffd160f

    • SSDEEP

      1572864:j1rENW7sV/fd5W6hUQz6aNM02KbWuwxNtv8uXQK9JU+HZNpkSeqS5VexR:jpEesV/G6hUQzHPgxNtv8EJUavkSRR

    • Lumma Stealer

An infostealer written in C++, first seen in August 2022.

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_ko.properties

    • Size

      5KB

    • MD5

      64de22212ee92f29bca3aced72737254

    • SHA1

      c4dbc247043578ccf9cd8dab652d096703d5b26e

    • SHA256

      292696c94d5fd0bf2ff4af9e4d363bfcbe888d2e65bd18a20cf71081fb1c9b0d

    • SHA512

      ca33c75b66d8b5316b1c3ed41a9a14dd8611a3bb9b26efdc7f468250696d515cf1e966831975c9abdc33e9a1c59167fe79ba547592d2a04997e1342433e7b628

    • SSDEEP

      96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_pt_BR.properties

    • Size

      3KB

    • MD5

      4078691ab22c4f0664856be0c024a52f

    • SHA1

      6247fc05de429f65dc4e1356c4715dc51f43b98f

    • SHA256

      6869b27b12b99c9d169b3e018284be0f7631dbdf2ddd5f4ea5b1a458736fdfdf

    • SHA512

      bb02765f69e23c732c790eb994800c83bb8efe7ff8ce0bcdc475ec5a29cef5a33a5513ab1a7dc9f0f066b807a0980c41ec0037710873a32bd2952dbed79d24ca

    Score
    1/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_sv.properties

    • Size

      3KB

    • MD5

      81bbdea4dc9803a6eb78ce7d5ca018ed

    • SHA1

      9aaf012276ad89ce7273cf5f0be4c95b72d906ab

    • SHA256

      565b8ff1f31784378884d9d7468ffdfdda5b001acb5bb393a5006ac19be4e67a

    • SHA512

      310017dd27c91c492188737494da04cab241d0bf4e91326afb4a3f98cbff78a6c0bbc14ec7e883597e9d506faa80ba4e9a25b5f46bfd2543850323061e829a84

    Score
    1/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_CN.properties

    • Size

      4KB

    • MD5

      823d1f655440c3912dd1f965a23363fc

    • SHA1

      50b941a38b9c5f565f893e1e0824f7619f51185c

    • SHA256

      86663ded105b77261c0556468a93bc8666a094b918299a61af0a8e30f42019c7

    • SHA512

      1ebf989d2121cf05ffc912b9b228c4d4523763eb1a689ec74568d811c88dcf11032ffc8007bb24daf7d079b580662b77d94b4b8d71a2e891ef27979ff32cd727

    • SSDEEP

      96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7

    Score
    1/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_HK.properties

    • Size

      3KB

    • MD5

      4287d97616f708e0a258be0141504beb

    • SHA1

      5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e

    • SHA256

      479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7

    • SHA512

      f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd

    Score
    1/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/deploy/messages_zh_TW.properties

    • Size

      3KB

    • MD5

      4287d97616f708e0a258be0141504beb

    • SHA1

      5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e

    • SHA256

      479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7

    • SHA512

      f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd

    Score
    1/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/access-bridge-32.jar

    • Size

      183KB

    • MD5

      13794986ca59819f6af7bd70022d7f8f

    • SHA1

      6c5609cd023eb001dc82f1e989d535cd7ad407ee

    • SHA256

      af555dd438214dcd68d55ebddcc0a05bf47def0efd9920e3955d11cc2623628e

    • SHA512

      2e3c4e76fd911eff5f6983d6d7fbb0f998e5fb0bfe11921a83ac9f19bfb0c28b157354f1ac790094c354845025ab42f5a921fddf2a780497431f3912d7d3e518

    • SSDEEP

      3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/access-bridge.jar

    • Size

      183KB

    • MD5

      82c16750374d5cca5fdaa9434baf8143

    • SHA1

      9b49f07bfb6f4ae73eb9b2fadcae46e02e31f023

    • SHA256

      1f0966ebd65544669395e9f490a3d397dcf122d5261566734bb422c68cfe64b8

    • SHA512

      12a32fbe2a0a824ec33bd6d0a22066c0cb74d13eebc16622ffe420cd48b4eb5878c981384debe30285d6231b3224e5cd2380c22d8c18624e52e5c74b62221661

    • SSDEEP

      3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/cldrdata.jar

    • Size

      3.7MB

    • MD5

      ae86774d28f1c8270a9bcbd12a9a1865

    • SHA1

      7806c70550f435c2c87d2d15e427e5a9f97774e4

    • SHA256

      0402fbcb23d381dede4df4228f2d100d8693c5b3bab885ab5eb98bcc0a269786

    • SHA512

      2ea1e0372a087915fffcca2defc817c37bd038b02824bfec1da4e881a4c908a93aeb37daa38840f75bceafd02ec09088fe648b0305da0407e93407eac770be63

    • SSDEEP

      98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/dnsns.jar

    • Size

      8KB

    • MD5

      7fa7f97fa1cc0cc8acc37b9dae4464ae

    • SHA1

      c143646a6dbe2ebdb1fbf69c09793e7f07dbc1f5

    • SHA256

      36820223c5b9a225dc3ff7c1c3930bdb112f1d9aab2bee954ff1a1c1828e2c54

    • SHA512

      ad9a0e358be7a765b4a554e6bbe35bdd61a52bcac9f21915d84c2a1929780150dfdcf0e43121d0e844082b1bb92873ed848acf9b38ff3c7d826e5d0f5d32c26c

    • SSDEEP

      192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/jaccess.jar

    • Size

      43KB

    • MD5

      1a33ff1fdd789e655d5e2e99e9e719bd

    • SHA1

      ae88e6000ebd7f547e3c047fc81ae1f65016b819

    • SHA256

      a23a9a653a261c640703b42839137f8c4bf7650665e62dbdd7d538171bd72516

    • SHA512

      0451393d805414d6633824f3d18b609f7495324fab56df4330e874a8995bd9e0da567d77db682d7fd1544cd7e6a3d10745c23db575035e391b02d6ee4c4362fd

    • SSDEEP

      768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/jfxrt.jar

    • Size

      17.3MB

    • MD5

      042b3675517d6a637b95014523b1fd7d

    • SHA1

      82161caf5f0a4112686e4889a9e207c7ba62a880

    • SHA256

      a570f20f8410f9b1b7e093957bf0ae53cae4731afaea624339aa2a897a635f22

    • SHA512

      7672d0b50a92e854d3bd3724d01084cc10a90678b768e9a627baf761993e56a0c6c62c19155649fe9a8ceeabf845d86cbbb606554872ae789018a8b66e5a2b35

    • SSDEEP

      49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/localedata.jar

    • Size

      1.1MB

    • MD5

      24857ad811ceda70bd0f087fd28b5b6e

    • SHA1

      707305eb10b1464d40bdeabade77b80b984a621a

    • SHA256

      321d646ad29a5b180ca98bb49e81c2c732523b7e5145a3c568766cec06b2b1cd

    • SHA512

      a10a340bdb2de2d0d14ed804f04313d1d4cbd64ef0513a9e54b7fa95ffb05f2123c9095a4b2bffa4ddf3adea9a67e978d26d115a8f5677ae1bd0ee67c416fa5a

    • SSDEEP

      12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/nashorn.jar

    • Size

      1.9MB

    • MD5

      f3e3e7769994c69dff6e35ef938443ca

    • SHA1

      758f42c0a03121ad980dc98be82dcaf790679e79

    • SHA256

      cf0268ff39d19876bd42bf59e2ce93bb9aa57e5ee98c212bae0184bd87f2d35a

    • SHA512

      ab4801e8538b9b84124d2b8c36e64232f16da686c5fa565c5de2091c910806a850464f5ccc79c9320df6f8cb943633fc38fea63f9e0593a44e3541f15f126951

    • SSDEEP

      49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA

    Score
    7/10
    • Target

      $TEMP/FeelingEyestrain-Launcher/u571/lib/ext/sunec.jar

    • Size

      38KB

    • MD5

      a269905bbb9f7d02baa24a756e7b09d7

    • SHA1

      82a0f9c5cbc2b79bdb6cfe80487691e232b26f9c

    • SHA256

      e2787698d746dc25c24d3be0fa751cea6267f68b4e972cfc3df4b4eac8046245

    • SHA512

      496841cf49e2bf4eb146632f7d1f09efa8f38ae99b93081af4297a7d8412b444b9f066358f0c110d33fea6ae60458355271d8fdcd9854c02efb2023af5f661f6

    • SSDEEP

      768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44

    Score
    7/10
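
The signatures recorded for RainwaySetup.exe above (dropped EXE and DLL execution, a Run key for persistence) and the Lumma C2 in the Malware Config section translate directly into host-telemetry hunts. The Python below is an added example written for this page; it is not part of the Triage report and not the sandbox's own detection logic. It runs a small rule set over constructed Sysmon-style JSON-lines records (Event IDs 1, 7, 13 and 22; the field names follow Sysmon's schema, while every path, SID and dropped file name is an invented placeholder) and reports which of the report's signatures each record supports. Only the sample's SHA256/SHA1/MD5, the $TEMP/FeelingEyestrain-Launcher directory and the C2 host are taken from the page. Two signatures are deliberately left out: "Checks installed software" (Uninstall key reads) and "Suspicious use of SetThreadContext" come from the sandbox's API-level hooks, and Sysmon logs neither registry reads nor thread-context changes, so they need a different data source such as EDR API telemetry.

```python
"""Map this report's sandbox signatures onto Sysmon-style telemetry.

Added example for this page; not part of the Triage report and not a
sandbox's detection logic.  SAMPLE_JSONL is constructed to resemble Sysmon
Event IDs 1 (process create), 7 (image load), 13 (registry value set) and
22 (DNS query) exported as JSON lines.  Field names follow Sysmon's schema;
every path, SID and dropped file name is an invented placeholder.  Only the
sample hashes, the $TEMP launcher directory and the C2 host come from the
report.
"""
import json
import re
from typing import Iterable

# Indicators lifted from the report.
SAMPLE_SHA256 = "55626f87358dc713199e31869307ffcc9e38a08d7f204b5feb0181f17ea47519"
C2_HOST = "colorfulequalugliess.shop"
DROP_DIR = r"\Temp\FeelingEyestrain-Launcher"   # $TEMP staging directory

# HKCU/HKLM ...\CurrentVersion\Run and RunOnce value writes.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def parse_hashes(field: str) -> dict:
    """Split Sysmon's 'SHA1=..,MD5=..,SHA256=..' string into {ALGO: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def _in_drop_dir(path: str) -> bool:
    return DROP_DIR.lower() in path.lower()


def classify(ev: dict) -> list:
    """Return the report signature names that one event supports."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:
        if parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
            hits.append("Known sample executed (RainwaySetup.exe SHA256)")
        if _in_drop_dir(ev.get("Image", "")):
            hits.append("Executes dropped EXE")
    elif eid == 7 and _in_drop_dir(ev.get("ImageLoaded", "")):
        hits.append("Loads dropped DLL")
    elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append("Adds Run key to start application")
    elif eid == 22 and ev.get("QueryName", "").lower().rstrip(".") == C2_HOST:
        hits.append("Lumma C2 DNS lookup")
    return hits


def detect(events: Iterable[dict]) -> dict:
    """Group matching events by signature; an empty dict means nothing fired."""
    findings = {}
    for ev in events:
        for name in classify(ev):
            findings.setdefault(name, []).append(ev)
    return findings


def load_jsonl(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed telemetry (not from the report).  The last three records are
# benign so the rules can be seen not firing.
SAMPLE_JSONL = r'''
{"EventID": 1, "Image": "C:\\Users\\u\\Downloads\\RainwaySetup.exe", "Hashes": "SHA1=86e99df45c60c14debedf2fe8aa5ae3c58fdcba8,MD5=119252b2492fe260ae6e86288f47681e,SHA256=55626f87358dc713199e31869307ffcc9e38a08d7f204b5feb0181f17ea47519"}
{"EventID": 1, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\FeelingEyestrain-Launcher\\u571\\bin\\stage2.exe", "ParentImage": "C:\\Users\\u\\Downloads\\RainwaySetup.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 7, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\FeelingEyestrain-Launcher\\u571\\bin\\stage2.exe", "ImageLoaded": "C:\\Users\\u\\AppData\\Local\\Temp\\FeelingEyestrain-Launcher\\u571\\bin\\helper.dll"}
{"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\FeelingEyestrain-Launcher\\u571\\bin\\stage2.exe", "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\FeelingEyestrain", "Details": "C:\\Users\\u\\AppData\\Local\\Temp\\FeelingEyestrain-Launcher\\u571\\bin\\stage2.exe"}
{"EventID": 22, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\FeelingEyestrain-Launcher\\u571\\bin\\stage2.exe", "QueryName": "colorfulequalugliess.shop"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "Hashes": "SHA256=1111111111111111111111111111111111111111111111111111111111111111"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\services.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\Dnscache\\Start"}
{"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.mozilla.org"}
'''

if __name__ == "__main__":
    for name, evs in detect(load_jsonl(SAMPLE_JSONL)).items():
        print(f"{name}: {len(evs)} event(s)")
```

Point load_jsonl at a real Sysmon export to hunt for the same pattern. Only the SHA256 rule is tied to this exact build; the other rules describe the loader's behaviour (execution from the $TEMP staging directory, Run key write, C2 lookup) and will keep matching after the installer is repacked, which is why behavioural rules belong beside hash IOCs rather than instead of them.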

MITRE ATT&CK Enterprise v15

Tasks

  Task          Tags                                                  Score
  static1                                                             3/10
  behavioral1   discovery                                             7/10
  behavioral2   lumma, purelogstealer, discovery, persistence, stealer  10/10
  behavioral3                                                         1/10
  behavioral4   discovery                                             7/10
  behavioral5                                                         1/10
  behavioral6                                                         1/10
  behavioral7                                                         1/10
  behavioral8                                                         1/10
  behavioral9                                                         1/10
  behavioral10                                                        1/10
  behavioral11                                                        1/10
  behavioral12                                                        1/10
  behavioral13                                                        1/10
  behavioral14                                                        1/10
  behavioral15                                                        1/10
  behavioral16  discovery                                             7/10
  behavioral17                                                        1/10
  behavioral18  discovery                                             7/10
  behavioral19                                                        1/10
  behavioral20  discovery                                             7/10
  behavioral21                                                        1/10
  behavioral22  discovery                                             7/10
  behavioral23                                                        1/10
  behavioral24  discovery                                             7/10
  behavioral25                                                        1/10
  behavioral26  discovery                                             7/10
  behavioral27                                                        1/10
  behavioral28  discovery                                             7/10
  behavioral29                                                        1/10
  behavioral30  discovery                                             7/10
  behavioral31                                                        1/10
  behavioral32  discovery                                             7/10