Overview

overview

10

Static

static

10

a2cba812b7...cs.exe

windows7-x64

10

a2cba812b7...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2cba812b73f8215b5c1e99f35f18f20_NeikiAnalytics

  • Size

    457KB

  • Sample

    240509-vs5jcsgd33

  • MD5

    a2cba812b73f8215b5c1e99f35f18f20

  • SHA1

    0ec853e0fa217d577593b7786ce5340e5d16c967

  • SHA256

    7503cb0252b1e13290eddaafa4c3c92c91cc7cd458fb785cfcb7790c5918f2ca

  • SHA512

    3343ec1151b4fa95ecbf4be6244824ed27f6809fda10c7700704463f8a2256726f27416cb5f34b0566a9f7851d40539b156ee868567526d06c93eb91fdd29098

  • SSDEEP

    6144:jqv0171gb3KJzP/cjiNZ/NCA//z8qB3VIuK9PJ/0iO9f+tVk/2dCrD8PfpLzBGjJ:f6b36P/NNZ1CCPkPJkEjsrm1o5j

Score
10/10
lummazgratratstealer

Malware Config

Extracted

Family

lumma

C2

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Targets

    • Target

      a2cba812b73f8215b5c1e99f35f18f20_NeikiAnalytics

    • Size

      457KB

    • MD5

      a2cba812b73f8215b5c1e99f35f18f20

    • SHA1

      0ec853e0fa217d577593b7786ce5340e5d16c967

    • SHA256

      7503cb0252b1e13290eddaafa4c3c92c91cc7cd458fb785cfcb7790c5918f2ca

    • SHA512

      3343ec1151b4fa95ecbf4be6244824ed27f6809fda10c7700704463f8a2256726f27416cb5f34b0566a9f7851d40539b156ee868567526d06c93eb91fdd29098

    • SSDEEP

      6144:jqv0171gb3KJzP/cjiNZ/NCA//z8qB3VIuK9PJ/0iO9f+tVk/2dCrD8PfpLzBGjJ:f6b36P/NNZ1CCPkPJkEjsrm1o5j

    Score
    10/10
    zgratratlummastealer

    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks