General
-
Target
34f10ff655b73c34bb13f79f7f7e4220_NeikiAnalytics
-
Size
3.8MB
-
Sample
240513-3dfwfshg61
-
MD5
34f10ff655b73c34bb13f79f7f7e4220
-
SHA1
56fb9f28c0fdf5abd9cfbe598dd38e06ac346afa
-
SHA256
ce5f772f0350f2d6865071c10b5fd832b76f4fa3a63d8aa6ffa494c302335ecc
-
SHA512
1f6cad1af1ad5e9a637383f62af7dd427020017ba7b86f7c77c676947c74e579e2eee574ea6ebfe5fd7168179c73771c0c665f840a8cdc0c0e71c9c09ba37228
-
SSDEEP
49152:qQiJrlduJpoX7mzpzOd3BI9tpqTVgG4MZ3PnPzl2/NLHRibD01BTQJuePj3x2Q7b:IJrl4pjzOBogB/nbqZHRi3eKJ/PTMQ7
Malware Config
Extracted
lumma
https://glossydecentjuskwos.shop/api
https://acceptabledcooeprs.shop/api
https://obsceneclassyjuwks.shop/api
https://zippyfinickysofwps.shop/api
https://miniaturefinerninewjs.shop/api
https://plaintediousidowsko.shop/api
https://sweetsquarediaslw.shop/api
https://holicisticscrarws.shop/api
https://boredimperissvieos.shop/api
Targets
-
-
Target
34f10ff655b73c34bb13f79f7f7e4220_NeikiAnalytics
-
Size
3.8MB
-
MD5
34f10ff655b73c34bb13f79f7f7e4220
-
SHA1
56fb9f28c0fdf5abd9cfbe598dd38e06ac346afa
-
SHA256
ce5f772f0350f2d6865071c10b5fd832b76f4fa3a63d8aa6ffa494c302335ecc
-
SHA512
1f6cad1af1ad5e9a637383f62af7dd427020017ba7b86f7c77c676947c74e579e2eee574ea6ebfe5fd7168179c73771c0c665f840a8cdc0c0e71c9c09ba37228
-
SSDEEP
49152:qQiJrlduJpoX7mzpzOd3BI9tpqTVgG4MZ3PnPzl2/NLHRibD01BTQJuePj3x2Q7b:IJrl4pjzOBogB/nbqZHRi3eKJ/PTMQ7
Score10/10-
Detect ZGRat V1
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-