General

  • Target: Lua-injctor.rar
  • Size: 7.3MB
  • Sample: 240421-bymqysfh4t
  • MD5: fcd9c104980ad0ef2e0963b69192f3d3
  • SHA1: 86f31864fa0825fba345b1f6bea2dbb254a9629d
  • SHA256: d50c09b73439c9730f2cb224f900b0de3be7a6b659614fe6569b80d4c68970ad
  • SHA512: ad743ccb02621c6a1d4c101ed5f4778fdcb33945df95e2c8a264d4a4f03b0f41b5b7a11eb3a841574bd6e96954bc332d7dd34f82539be73ca89082b4e9867e6c
  • SSDEEP: 196608:X/O2rO7rgYr0YIe7itzOzwIz2buBrANUCcA58:XROsYIefRzmuB4U88

Malware Config

Targets

  Target: Sharingan.exe
    • Size: 6.9MB
    • MD5: a65aa936034e8a4f22832239d5a9d2bc
    • SHA1: ee4e1b6e79dd23264ef7addfdad8c8de4bd0c8b1
    • SHA256: 67b70fff711534c5281245bf10b002f9d06bca7f3871be17ae50019c0a25db72
    • SHA512: 6b9c8662319b928c96220a820a0d96e2892850d631d18469cec8c9802330600df2cb2bd2475a47129a7075a4940dfe205c89f17645f007b2301e7026a21b554b
    • SSDEEP: 196608:A1mV1JgB6ylnlPzf+JiJCsmFMvNn6hVvTX:lgBRlnlPSa7mmvN+rX
    Score: 7/10
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Accesses cryptocurrency files/wallets, possible credential harvesting

  Target: SharinganAgent.dll
    • Size: 27KB
    • MD5: e98ddc9fe2c416b86ec35deeba49a3a2
    • SHA1: de41bb07c42651ab0a7e26bec6661ed3c31aef9b
    • SHA256: b4eb0d76afcd3ef586df6296730f417f71faf9ec8d582c3c4b08e6b4d29e2e36
    • SHA512: b2ffb741d435f9fead9704e7ab4eacca6e35a80cf5672181be1870f7350bae299b2d08cb25f1ef4511d972700917212a5dd9ea6eda8ea02945a21dfb89ff5696
    • SSDEEP: 384:jGU5cDT+QW7ZExn0ejMtnI88H4aqheUWI9m0WkuwJNajXYpmdGUcjxSpQPgZ1ifr:6i7m+eSI1HfqhsIQpwvxpmGoyYOfD
    Score: 1/10

  Target: temka.dll
    • Size: 170KB
    • MD5: 9635c0b506de97b5aa38ec70edeb47a4
    • SHA1: f7544a9ecc2383d92fef086dd6c4a9acc2ce4d8f
    • SHA256: a23e5988987b35ac0faa6d36e45204879a9d8094cb59e2e0ec6d3dc24164984f
    • SHA512: 249b811a944001d9ce08dc8f366d5ca7754c76189ddebb0707410ae70340f240510258489544d21b4b82970e400048ad80cc37f24445dded8980e2042ad8e948
    • SSDEEP: 3072:En8ZQUV0egZZOTUj93VuHziZMd86ZvsOvwI8Pjne6ra9KB/BjTwA7Ev3Pv9:E9UV0egeTw9344I86ZvsODseM/Ba3v9
    Score: 10/10
    • Detect Lumma Stealer payload V4
    • Lumma Stealer
      An infostealer written in C++ first seen in August 2022.

  Target: undtct.dll
    • Size: 1015KB
    • MD5: 3e9e02ce2b577d62b35c34aa6ec027e2
    • SHA1: 9c464e6edc2e6a4bc17d28a68d5217a134b8f368
    • SHA256: 2c81fcf3f79f98c78963da78d234dcf6dd36c9503438121d384b39edb0ca272b
    • SHA512: 7eb9a3580ce664e78ccf89130581de6e5e816337f4953b192038baafd7ad163a096250aa2f93f4dab68dfec0e25987845777f70d37afd37bab73e793e680f68c
    • SSDEEP: 12288:Cab/0Xn458xRrPzrUBHK5fhgxFmXEP2f7K46TnSEl1yt6zzng0LNU5w37A6Dv:ClXn458xRrPztgxoGRNU5w37J
    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic              Technique                      Count  ID
  Credential Access   Unsecured Credentials          2      T1552
  Credential Access   Credentials In Files           2      T1552.001
  Discovery           Process Discovery              1      T1057
  Discovery           System Information Discovery   2      T1082
  Discovery           Query Registry                 1      T1012
  Collection          Data from Local System         2      T1005

Tasks