General

  • Target

    c0d7231617470901a6047d790b9935ae087658d6805544c9ee4ce3f09efb055d

  • Size

    5.9MB

  • Sample

    240429-eka2sahe38

  • MD5

    0bbb5d8950e6d3af916f204ea8f63dfb

  • SHA1

    30fb5e207e1e9a01c0acc6f4a4a828bbd3cef2cd

  • SHA256

    c0d7231617470901a6047d790b9935ae087658d6805544c9ee4ce3f09efb055d

  • SHA512

    f6bebd9dc66fd98463f3f3ffed4d9fcdaa8f485e96980aef72c6fa2f009d5007c7d7a13926ec26c9cbf03ab4e2c8b7c440c7bbce0c6e5ea8c3240cc252f356d9

  • SSDEEP

    98304:eMkulhD5woxAnrl8ApUn2qWfJ6E43pwyblno5:eXulhD5wznJ8A62qWx6h32ybm5

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://despairphtsograpgp.shop/api

https://secretionsuitcasenioise.shop/api

https://modestessayevenmilwek.shop/api

https://triangleseasonbenchwj.shop/api

https://culturesketchfinanciall.shop/api

https://sofahuntingslidedine.shop/api

Targets

    • Target

      c0d7231617470901a6047d790b9935ae087658d6805544c9ee4ce3f09efb055d

    • Size

      5.9MB

    • MD5

      0bbb5d8950e6d3af916f204ea8f63dfb

    • SHA1

      30fb5e207e1e9a01c0acc6f4a4a828bbd3cef2cd

    • SHA256

      c0d7231617470901a6047d790b9935ae087658d6805544c9ee4ce3f09efb055d

    • SHA512

      f6bebd9dc66fd98463f3f3ffed4d9fcdaa8f485e96980aef72c6fa2f009d5007c7d7a13926ec26c9cbf03ab4e2c8b7c440c7bbce0c6e5ea8c3240cc252f356d9

    • SSDEEP

      98304:eMkulhD5woxAnrl8ApUn2qWfJ6E43pwyblno5:eXulhD5wznJ8A62qWx6h32ybm5

    Score
    10/10

    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks