Overview

overview

10

Static

static

10

Adobe Acti...or.exe

windows7-x64

10

Adobe Acti...or.exe

windows10-2004-x64

10

Adobe Acti...ts.rtf

windows7-x64

4

Adobe Acti...ts.rtf

windows10-2004-x64

1

Adobe Acti...3d.chm

windows7-x64

1

Adobe Acti...3d.chm

windows10-2004-x64

1

Adobe Acti...ra.chm

windows7-x64

1

Adobe Acti...ra.chm

windows10-2004-x64

1

Adobe Acti...hs.chm

windows7-x64

1

Adobe Acti...hs.chm

windows10-2004-x64

1

Adobe Acti...ht.chm

windows7-x64

1

Adobe Acti...ht.chm

windows10-2004-x64

1

Adobe Acti...sy.chm

windows7-x64

1

Adobe Acti...sy.chm

windows10-2004-x64

1

Adobe Acti...an.chm

windows7-x64

1

Adobe Acti...an.chm

windows10-2004-x64

1

Adobe Acti...eu.chm

windows7-x64

1

Adobe Acti...eu.chm

windows10-2004-x64

1

Adobe Acti...ll.chm

windows7-x64

1

Adobe Acti...ll.chm

windows10-2004-x64

1

Adobe Acti...ng.chm

windows7-x64

1

Adobe Acti...ng.chm

windows10-2004-x64

1

Adobe Acti...sm.chm

windows7-x64

1

Adobe Acti...sm.chm

windows10-2004-x64

1

Adobe Acti...sn.chm

windows7-x64

1

Adobe Acti...sn.chm

windows10-2004-x64

1

Adobe Acti...in.chm

windows7-x64

1

Adobe Acti...in.chm

windows10-2004-x64

1

Adobe Acti...ra.chm

windows7-x64

1

Adobe Acti...ra.chm

windows10-2004-x64

1

Adobe Acti...eb.chm

windows7-x64

1

Adobe Acti...eb.chm

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Adobe Activator.rar

  • Size

    22.2MB

  • Sample

    240420-prwl6sgh22

  • MD5

    1fbcc955af913e12a5db9f234afa2237

  • SHA1

    4aaa1fd3feee11ac866ba5373a75c87526fa885e

  • SHA256

    39882128f3a30ccf40f60c9eaa228f2cd7982f0944ae63ac481bc71e58413a5c

  • SHA512

    cb107e8a8fffe03483b5627f57cc6a29ac4a332ac905393f1b6068b3a0d5d83132f621188aad1b2910fe539bf72adbe557c26d193c3586e372a89f2cce5c0704

  • SSDEEP

    393216:IY7PBFqL7nXtiy+HGQTTzhJHhM8/KjZrb7dhRi9Z1JfSc0nPkNcRUpCVuhiFq9MM:tPBQL7XtihJzhH3KtnwjSVM0UEVOID6

Score
10/10
lummazgratratstealer

Malware Config

Extracted

Family

lumma

C2

https://hearthingdirecwi.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

    • Target

      Adobe Activator/Adobe_Activator.exe

    • Size

      3.3MB

    • MD5

      8ded0a568e808b63422a05065514b7c4

    • SHA1

      b754cc6476c2929216f7951bf2fecf9176ef0cae

    • SHA256

      a0dd7b86f2723ebeee1e043352e6f7c3cc18e88299b320445977fa02d3a6a5d1

    • SHA512

      3fa4852ca7e4691d423a1fd71f546bcae0a15bd5186ebed6025633bd7ea8c2903eb373fd284a43a5df232e67e382807d63c3359e8972a8255847469ea6b07b2c

    • SSDEEP

      49152:Ix8/PCVQLflcAGJws458qXDZdmzRA1o2i4xlbjQS+QBExz:N8Ef2AxlmFAF7nwUBEB

    Score
    10/10
    zgratratlummastealer

    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Adobe Activator/Help/en-US/credits.rtf

    • Size

      710KB

    • MD5

      05b931430fd173bd22900dbaa8bbff10

    • SHA1

      af5176ee28dba4777e4ba3bd9351e5acb402b9f3

    • SHA256

      3ce703c36dfc6282c22991519309b921ae8f5b2653561ff3f9c1617dc2d6674e

    • SHA512

      e3fbecb7637bdcbf6045140dfd3359529d223e42ff8b03c1883b8011d9dde307f36e7cf1a4b56baa76e052314baf89a03e1f6036e9a443160db394ddd45fe55e

    • SSDEEP

      6144:HMgRS450MZ1cMa0C6byUnw1ZD63iT/r7Dd0ypdUSKi8Sl:HMgs4CMZ1cMa0C6B2DY0T7Ddd/USKi86

    Score
    4/10
    behavioral3behavioral4

    • Target

      Adobe Activator/Help/nvcpl/nv3d.chm

    • Size

      120KB

    • MD5

      b5f9ed44f46dc2a2b54baf908b9b9781

    • SHA1

      055edb27199525f84dca0adad555b5809dc70000

    • SHA256

      53136c96a99ec7f237470db34e49742ac99427ed6f2a22045ee9c45ce390bc69

    • SHA512

      d2a6af6df0a945e3439cdbac94ed14e1c93c3fae4a1e3cad907835abae90d0142b04c9d10a0c4a0620178f0d9f31214a45dc864241831b2a64cef371a11a66e9

    • SSDEEP

      3072:x3VpNumKOqLlFz0PNOsD2v8CGFM0Cbzq/bRsSohL3P1:x3Pnizg9D2UC6CUbCSaR

    Score
    1/10
    behavioral5behavioral6

    • Target

      Adobe Activator/Help/nvcpl/nv3dara.chm

    • Size

      166KB

    • MD5

      c1b0257579b0d16fbe0cd2d02dbfaa75

    • SHA1

      b9e2e3ffc55508f931a9f18021b5910edaea8228

    • SHA256

      bde3204ce98ad07f35af5a5d77cb9bcec604ae97b90a261c731e33cd86b4ec65

    • SHA512

      dde6f5b6df6a16362bfbce8ad5467ea26e9fca5fb73d539808902b32f9f6c69a51043fb377d142a77c7d13f4f0d023c6b4dd59a173462bcf67eccee81318f05f

    • SSDEEP

      3072:Bu6oJv2cg2QumsY2pFkMILWKqjWLSK8L2ZyWmD0fy85IMzY:Buf9ZQuzpFkMILWKtS3qBf7FU

    Score
    1/10
    behavioral7behavioral8

    • Target

      Adobe Activator/Help/nvcpl/nv3dchs.chm

    • Size

      159KB

    • MD5

      c5642a52a8a562c0e877a5305c5a5845

    • SHA1

      b29b6bbc0a369174602a67358eeea937e42f1d49

    • SHA256

      8c46faeb2037eb7935d24c880a712e65ab970da67a856d16ff0e7e9d7cab1e07

    • SHA512

      b5bcda70ab3cb8a9349fad02fd995071680b5dcd7b7f77647c68e27657e051e23ac373f74b17dc104ec08fefeb7a52ce3749f42af7bb6834e646a3940d64a171

    • SSDEEP

      3072:f2heZUqskDD7PdZ09rwJMTk0eb5vBFjRczuVllbKa:fBUJD9rwJMTk0eVf9zV

    Score
    1/10
    behavioral10behavioral9

    • Target

      Adobe Activator/Help/nvcpl/nv3dcht.chm

    • Size

      163KB

    • MD5

      cac8a4ed9640b74857a93fb8b77f62e3

    • SHA1

      c214272f9f89b99b44ebc3dafc8c84e3a945495b

    • SHA256

      1b3ae5a0bd843c09ee6662cd7a5f3d5b6f364ebce14afa85b268375df3c9c235

    • SHA512

      eea1cb16aa432e73927fb316f357a021cc10ff3e9e347110e1b6e14995ff07c19425f3d9b73a9b1fd43fe8731488ad4ae767ce2e7e062b5a0d2421d5acc972d4

    • SSDEEP

      3072:Ac/UIB28I0yE5WiOsOtrw8HfgQH8XHsJu0fR3xzTWu8KbjMb+FALzF:ARIB0zE56sONvHfNcXUvZ31qIFALR

    Score
    1/10
    behavioral11behavioral12

    • Target

      Adobe Activator/Help/nvcpl/nv3dcsy.chm

    • Size

      185KB

    • MD5

      b8d7042ddc7225d8292a0c615a3fb23b

    • SHA1

      c6e4b822eed0682e8c1ccd75d0d30c6df0b766d0

    • SHA256

      3003eb4f3d284477ce8eed97e07b123ae06023d441a36fb78e4b69c72d90b0c1

    • SHA512

      4842ce823f5b7e34391febf7fe51916e1081aa8cc2ce4ea77deeb1e1bc83e2279020cee09125a7c8b08dc65035a5fb694f6177c4fe0de4524b2bc21095949605

    • SSDEEP

      3072:/010+OC8shjxkBhaYRP+bq3UUm8N26TdIPJTqTZ9Pe1zIYSnqAlO+Stz6KnSnO:/010kt9kXnR2+EjPJOTZg17SnqES5n6O

    Score
    1/10
    behavioral13behavioral14

    • Target

      Adobe Activator/Help/nvcpl/nv3ddan.chm

    • Size

      150KB

    • MD5

      3f5ea602a3c7df10f04607bb4036ae91

    • SHA1

      41968743e4d80e8a1d71888dca040a26ab452ea0

    • SHA256

      d2ecb5acf630f64891c85d796cdfc251b83604921a6057c8c747e4d0383c0cbf

    • SHA512

      f8c57b8e8d07b5f88928cd57d07261af89f3e6ec2debf6a3d575fb113809ef31343058e750a81160b9a44ea63852f7ee1cd8d1bfac16919b059b3403086de15c

    • SSDEEP

      3072:kpVTpx2TlTw8sFQMCv57XtzTAmOHt8/YCFPWZlfoUwUGx1fCHMM:kpV+xU8sNg7XhTYm/2VohUc6t

    Score
    1/10
    behavioral15behavioral16

    • Target

      Adobe Activator/Help/nvcpl/nv3ddeu.chm

    • Size

      177KB

    • MD5

      47a7c297543cd404c3e70086c4f8fd21

    • SHA1

      6616b6298cbda41f896817ed40632cc605767d83

    • SHA256

      770f86dbed72fec9ed81a0882f0fb7ef77d4880f174a03682d932c9f6215cc24

    • SHA512

      1a76ac88571a9e0bd650d5e1d7d67d08fe10e43204b9bcf53bcae1e05894d2e96dbdc149f13c61d9df3d3211448d2810dced45b0fed72c3848089e45da5ef378

    • SSDEEP

      3072:Bwjpf2ZQKm2WEDdvNUZxgpGb6exP5LrlBNh5DNn531iQuASoBJ7/Ob:BwjpfGQK5LhNygpGb/xP51DhlNn5YhAo

    Score
    1/10
    behavioral17behavioral18

    • Target

      Adobe Activator/Help/nvcpl/nv3dell.chm

    • Size

      188KB

    • MD5

      3b29ce38a2bf1d68b9e5f47b224fc208

    • SHA1

      4b7181e8e31e220415b4014be9736a08394211ef

    • SHA256

      d348907c412f241ba167d9b7455af4579816f43f61bc652fd2f948dfa4400904

    • SHA512

      b7ae6fc5f4b2dd0b62dbd0ee18456fadc8381d62b5c152d71661113a3b4f12ae18302b9bb8e14f43301aa435621c7857a1ec4d6abc9edf1cd3a6e7ed0593be7d

    • SSDEEP

      3072:h9TwViy3DBLpdJtSeqMZ84VT0Vodj6MBPtMStodn32knlhRoJyVrBt8KYaq:h9ELTBLpZSeHvVTqVXdndtoJwBt8jL

    Score
    1/10
    behavioral19behavioral20

    • Target

      Adobe Activator/Help/nvcpl/nv3deng.chm

    • Size

      157KB

    • MD5

      3ecd51de3a504eec21d70ccf865d43dd

    • SHA1

      e36dc69365c8316509bde90bcd85379e088689cb

    • SHA256

      1d80c40950a02fe124d5450f0f2a4b177a497607575b4b13eb06debf958b6cea

    • SHA512

      7d7753c86f808440641f1d8aef255f787d23eb0af0aea886f0f8d85d994dc8a839f5df2f182e934c3508acbfa06de4a0d430df9076f141084fb1fab53f5d6490

    • SSDEEP

      3072:TrTTUcvjPGlZ2LByOsOKYRprh/tIM10HcYLM127AbK2G51wAe:Tr8rZ3lMpRtjYLM1BLm+Ae

    Score
    1/10
    behavioral21behavioral22

    • Target

      Adobe Activator/Help/nvcpl/nv3desm.chm

    • Size

      152KB

    • MD5

      b7835b96f85d64987c6f4e3f31d839ad

    • SHA1

      74e2d9d11cc07f7be8c973709cb706df42141d85

    • SHA256

      4d50a06d7f04fe32378fa237a9c0ea3b352096a39115d6cd540e73ead6b3bb37

    • SHA512

      7c542e20c5a06012eb40d2ca9afbbeb95f2ac1e7039593caa5ab56687db3efb25c4a0afc4bf03447676ac082460176450007cba86c317e0593fccce716633521

    • SSDEEP

      3072:MTogwY4zUvyhAI0o89AO/JuT5FcPUHU6ULUu+slUv:4CrzUKhN0o8zJuT50WU3yslG

    Score
    1/10
    behavioral23behavioral24

    • Target

      Adobe Activator/Help/nvcpl/nv3desn.chm

    • Size

      169KB

    • MD5

      73bfe0abbe2128c47ead3c96521a9d70

    • SHA1

      9780c4442a36f716be7b2da42068a7aa8f2d9356

    • SHA256

      78ea2fedd3ef6b2847b59a8d98b371cf82ad728bac19c740a654d1e5b733cc43

    • SHA512

      990b0c741a7166863fa966df7bcbc932d1e2925700e6e13f9fbf2c15cbd4d862f252c599d74074227cf6563a4e0e84a0a1475d88c8cca522aac423e420cbaaf5

    • SSDEEP

      3072:7SBSORLxRgLh1GJr4pGODBnDkHNe7PEAGUSM8XT42wIhev7RDyZAROqtqCb:WEORLxmfKiZDFD9PsPrc2wIA9QLqtqk

    Score
    1/10
    behavioral25behavioral26

    • Target

      Adobe Activator/Help/nvcpl/nv3dfin.chm

    • Size

      164KB

    • MD5

      0efe776961d3b5d75e2f2f2054a01ec0

    • SHA1

      46b6178eec1c2503c7563c6f8b25806327ca4c12

    • SHA256

      cabc965762d678f14e2187bbcb109f2cc796d9a84b9f168cf49dae270136ad99

    • SHA512

      52a6d5a6b20838611f9c1a218e2ea28c44f3fb851fcdacc5ff0e920654bf8a224be6e2671eca6603a29b6117d07c58b05438a0dd9063a9b997e2585575659f93

    • SSDEEP

      3072:0WHIytxYXU1f+dufJeE1sQrwwX5BTihAAD/JmtEqgxm8X8U11hvJT4JuAZREcLo1:0WHIyAqCEBsbwXqhjJ+Ebxm8MULhvIun

    Score
    1/10
    behavioral27behavioral28

    • Target

      Adobe Activator/Help/nvcpl/nv3dfra.chm

    • Size

      171KB

    • MD5

      b7af0f0de555f26450bebdd9f971c838

    • SHA1

      96048e51d0a112c2d6049c8a0752430051bc5b93

    • SHA256

      36da94c497de59e1154391f00dc08f058dbd2b4541c182f2c0abd84021d6f72c

    • SHA512

      1c18045ed1075e22fef6cc3ca31e8736be7845111d31e42d3c2f713637e6759130c11316d95ff2086d519e791ca68e41e6ded131f5304141c642208d5814df98

    • SSDEEP

      3072:gQ1T633ivRFRqnLA82jUqWGIww/RsvZ0UHnzfvKAL6At+dBQz/9:gQ1T6Sv9qcpjUq3fw/qNKAL6AtNz/9

    Score
    1/10
    behavioral29behavioral30

    • Target

      Adobe Activator/Help/nvcpl/nv3dheb.chm

    • Size

      171KB

    • MD5

      60299a0e19fef09eafb629d7b292d9e8

    • SHA1

      c482d3273069d9893bfaa52f3c4021e2335c1c37

    • SHA256

      a9cde2717a6fb7eb8067cbe2546ec0c280a77cb29e78d82bad455dfb0827fe3d

    • SHA512

      49c3f8a373f09a3748c2b1be157b419b93df2ec9f4915c93795cbc9547265bf33e53ced0699dccbecd92d607b4de8c8802a75b097277090752e8f8d355f99234

    • SSDEEP

      3072:d8/BVSC1G6TLjqTUgy+XVb5t3eNv9vTkLe2z7vk41uxMp:ypVSq/qQa/38ueOkfG

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

15
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

zgrat
Score
10/10

behavioral1

zgratrat
Score
10/10

behavioral2

lummazgratratstealer
Score
10/10

behavioral3

Score
4/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10