lumma | fc7473637cd1fcfe355a62bf69fbf930bef1c9c9a076eecd09968d2069faa51f

General

Target

FL_Activator.exe
Size

4.9MB
Sample

240422-19wknshb6s
MD5

f33899f10f3f51083a0ed6fac21df358
SHA1

ae1eafbdfcd2d43340936a19b5f5c4118d4c3bfc
SHA256

fc7473637cd1fcfe355a62bf69fbf930bef1c9c9a076eecd09968d2069faa51f
SHA512

44e9a627f1e8b68d6b9e933a2203575552ad818e6cf012236c6dfe787ae2d3df7d1ae639bb3abbb04dc68b95ca9bb5a7f15655d8a45661e1dea8529effa7de34
SSDEEP

49152:hC0AMnvxN/QDiMsXWAvSsG/fDz5Tk6eNbyG7jTg2FXx7ZIw6Jf8c5mEqDXgQNUIL:hC0AMnv5XPF7jTg25xcz5m/tO4FL

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://hearthingdirecwi.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

- Target
  
  FL_Activator.exe
- Size
  
  4.9MB
- MD5
  
  f33899f10f3f51083a0ed6fac21df358
- SHA1
  
  ae1eafbdfcd2d43340936a19b5f5c4118d4c3bfc
- SHA256
  
  fc7473637cd1fcfe355a62bf69fbf930bef1c9c9a076eecd09968d2069faa51f
- SHA512
  
  44e9a627f1e8b68d6b9e933a2203575552ad818e6cf012236c6dfe787ae2d3df7d1ae639bb3abbb04dc68b95ca9bb5a7f15655d8a45661e1dea8529effa7de34
- SSDEEP
  
  49152:hC0AMnvxN/QDiMsXWAvSsG/fDz5Tk6eNbyG7jTg2FXx7ZIw6Jf8c5mEqDXgQNUIL:hC0AMnv5XPF7jTg25xcz5m/tO4FL
Score

10^/10

zgrat rat lumma stealer
- Detect ZGRat V1
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

Lumma Stealer

ZGRat

.NET Reactor proctector

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2