lumma | d0d6cabab10e62f0261e2ca13daa453b4ec38c9f81880a55d1aca04c8ae5a3fa

Target

Ro-exec Executor.zip
Size

479KB
Sample

240406-crp36shg25
MD5

86711d8e3a8e9373c52040db6d438789
SHA1

a9a42faf7ead5847d727f7dd378822d656d58dbf
SHA256

d0d6cabab10e62f0261e2ca13daa453b4ec38c9f81880a55d1aca04c8ae5a3fa
SHA512

38e98b43babf3ba4eaf5d79f85cbb5049df7c17019a700afac52371de6f112a426e67c20d5cb37fcfbcf8aa78a4b4d1596ea0afb5843cbb93628c0540cee888b
SSDEEP

12288:JkwR6R+2byyNRU0Yz3jBL75xwc4XscIFl4zA6fzvBLT:Jkz+2b1rKjRdxwr81FlQxfDxT

Score

10^/10

Malware Config

Extracted

Family

lumma

https://birdpenallitysydw.shop/api

Targets

- Target
  
  Launcher.bat
- Size
  
  544B
- MD5
  
  17033b44988e812ebade9022cba3584f
- SHA1
  
  3c98c9f36212cfeec679057cabb1ea5d4bffb1a1
- SHA256
  
  deda21bef6613c01484a7c219070f1c510d96a31373a9561e31a8e45b3c94473
- SHA512
  
  9f54c72cafeedb4b332e8c4d438e88475d1757ea4ffdf23d13d0f1bae55806b3fe58cf48002085f5a867c5d8906c4b7674584c4070288e35026037cdc33eb282
Score

10^/10

lumma zgrat rat spyware stealer
- Detect ZGRat V1
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  compiler.exe
- Size
  
  89KB
- MD5
  
  dd98a43cb27efd5bcc29efb23fdd6ca5
- SHA1
  
  38f621f3f0df5764938015b56ecfa54948dde8f5
- SHA256
  
  1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a
- SHA512
  
  871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0
- SSDEEP
  
  1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv
Score

1^/10
behavioral3 behavioral4
- Target
  
  lua51.dll
- Size
  
  592KB
- MD5
  
  3dff7448b43fcfb4dc65e0040b0ffb88
- SHA1
  
  583cdab08519d99f49234965ffd07688ccf52c56
- SHA256
  
  ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60
- SHA512
  
  cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394
- SSDEEP
  
  12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

Lumma Stealer

ZGRat

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

We care about your privacy.