Overview

overview

10

Static

static

3

Quest Adve...er.zip

windows7-x64

1

Quest Adve...er.zip

windows10-2004-x64

1

Quest Adve...er.exe

windows7-x64

10

Quest Adve...er.exe

windows10-2004-x64

10

Quest Adve...ch.exe

windows7-x64

1

Quest Adve...ch.exe

windows10-2004-x64

1

Quest Adve...or.exe

windows7-x64

1

Quest Adve...or.exe

windows10-2004-x64

1

Quest Adve...er.exe

windows7-x64

1

Quest Adve...er.exe

windows10-2004-x64

1

Quest Adve...ar.exe

windows7-x64

1

Quest Adve...ar.exe

windows10-2004-x64

1

Quest Adve...er.exe

windows7-x64

1

Quest Adve...er.exe

windows10-2004-x64

1

Quest Adve...va.exe

windows7-x64

1

Quest Adve...va.exe

windows10-2004-x64

1

Quest Adve...ac.exe

windows7-x64

1

Quest Adve...ac.exe

windows10-2004-x64

1

Quest Adve...oc.exe

windows7-x64

1

Quest Adve...oc.exe

windows10-2004-x64

1

Quest Adve...md.exe

windows7-x64

1

Quest Adve...md.exe

windows10-2004-x64

1

Quest Adve...mplate

windows7-x64

3

Quest Adve...mplate

windows10-2004-x64

3

Quest Adve...erties

windows7-x64

3

Quest Adve...erties

windows10-2004-x64

3

Quest Adve...erties

windows7-x64

3

Quest Adve...erties

windows10-2004-x64

3

Quest Adve...curity

windows7-x64

3

Quest Adve...curity

windows10-2004-x64

3

Quest Adve...ME.txt

windows7-x64

1

Quest Adve...ME.txt

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quest Adventure Installer.zip

  • Size

    178.1MB

  • Sample

    240513-tj7rpadb6z

  • MD5

    030a7b05dffcd8aa334981f4300de135

  • SHA1

    876b186128ab03d9a105f25de7fed549d7ce6fcf

  • SHA256

    30a0ca3adae2a904fa533369a5157a9e9bf93678794f405b981f15fd2676c6a0

  • SHA512

    e9e54537c13e5df4c4e5bb6081e656f42e5135da85fed85609793baa4cc99107cb669daa76fe9a9ab331887cfc5d9a9a639ffbbdf69137d2e67c8ade10a51fa6

  • SSDEEP

    3145728:Gy7fujd1UhNbuQD6PCxalf58mlgop2yRBiVtSnH7RIaLrDsZr:f2TCR6qQf50opHBz7S4AZr

Score
10/10
lummaredlinezgratinfostealerratspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://economicscreateojsu.shop/api

https://entitlementappwo.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

    • Target

      Quest Adventure Installer.zip

    • Size

      178.1MB

    • MD5

      030a7b05dffcd8aa334981f4300de135

    • SHA1

      876b186128ab03d9a105f25de7fed549d7ce6fcf

    • SHA256

      30a0ca3adae2a904fa533369a5157a9e9bf93678794f405b981f15fd2676c6a0

    • SHA512

      e9e54537c13e5df4c4e5bb6081e656f42e5135da85fed85609793baa4cc99107cb669daa76fe9a9ab331887cfc5d9a9a639ffbbdf69137d2e67c8ade10a51fa6

    • SSDEEP

      3145728:Gy7fujd1UhNbuQD6PCxalf58mlgop2yRBiVtSnH7RIaLrDsZr:f2TCR6qQf50opHBz7S4AZr

    Score
    1/10
    behavioral1behavioral2

    • Target

      Quest Adventure Installer/GameLauncher.exe

    • Size

      1.6MB

    • MD5

      b7dc1166dbcd5df0a6c7c6ce4e72c30b

    • SHA1

      cd034c1468bdcb81cc52efeba5c95857d60cc537

    • SHA256

      e6fad824874c1ba468b8a4f94acd705cccb0c4d316b321eb3935c2160e1217f1

    • SHA512

      aade2a596c8e714a56b54c6618d870dd2e5bef8bd37b128a5406785bb5d80c1ae15cd34aca1dad9c0db36ff0bb08dfef65e54bf94d3638e00fbe5d6b2ef73e6a

    • SSDEEP

      24576:IdHHNmOzj4d9c8r1zSYiNED/MZvR4x6ApJT8v4A4n:eHQOJ5YiNED/MZvR3AbVA

    Score
    10/10
    redlinezgratinfostealerratspywarelummastealer

    • Detect ZGRat V1

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      Quest Adventure Installer/JRE/bin/jabswitch.exe

    • Size

      41KB

    • MD5

      6ad6f701797e4c1b00cae6d71732ffb3

    • SHA1

      2af4b12ae9320389919693f2aff5b8f8eb94d0fb

    • SHA256

      7c683a6e3af1c21c9091b44520eb5c4f350bd38d5c5c3bf452d23d9c057401ca

    • SHA512

      3c0f7f186d188dd1117dce752579de536a5f6941f8de148a71a2edf8533bc670fca670ef2dbdc19ae96061db16ab83a944e3215620fb75f11a40594013642d8a

    • SSDEEP

      768:sqlK3hiE/AkY/PXhqcADCH11B+QfrVzpsuCJ/1YiUFVzUhK:LlKRX/ABXgDCvB+QfrVCJN7Uvn

    Score
    1/10
    behavioral5behavioral6

    • Target

      Quest Adventure Installer/JRE/bin/jaccessinspector.exe

    • Size

      101KB

    • MD5

      463478b4ed2c720af1e70eacae039558

    • SHA1

      eb54815acf2df7b33d9005357069bc567f4ab6f6

    • SHA256

      2efe5f7dc2e4993210041f4ab4d775583dd57bcfa5ec9a2f8683b33accaf84cb

    • SHA512

      3417d4b800c7211157256e280bdd77f0f429cae6548bc6976ef4050ddd80cb07a4aaec359bd621d48f5a80355fef52a7db84c6566e6ec8dd79a4523e75af9609

    • SSDEEP

      3072:UNxpEifIevPd21GaEOQwd/pDA9ohYNUPt512T0PON29PejrN2x0ll3UEHaUEn+7d:oxpEifIevPd21GaEOQwd/pDA9ohYNUPG

    Score
    1/10
    behavioral7behavioral8

    • Target

      Quest Adventure Installer/JRE/bin/jaccesswalker.exe

    • Size

      66KB

    • MD5

      3f9e49634b38d2adf96f88d18eca5257

    • SHA1

      8c7ce19d88b25e55131ce1152fc326c937c5328a

    • SHA256

      a3c2a9e9b5820e4a218272660e76eba0faf9da8b6b4039c1a053d7b279840edf

    • SHA512

      d72f184cfe0e939c7f01d57abb6237e745137152992fb7cd0528b1a3e46fd22af35687b114faa90bbed4214b48467453e6a2d9e81b3910b90d718f86eea12acd

    • SSDEEP

      1536:50mZ0y4YufkoTgDH5rFloPZwTOLa7eEfdkAzjkfzFyBCCpcE9zY9QQ+o8BtWH53J:umZ0y4YufkoTgDH5rFloPZwTOLa7eEf6

    Score
    1/10
    behavioral10behavioral9

    • Target

      Quest Adventure Installer/JRE/bin/jar.exe

    • Size

      20KB

    • MD5

      dcd7052f62acee03f755fbed49937df6

    • SHA1

      922444b30bf4cfd2a04752ced48b03711798d227

    • SHA256

      3dfe37237ed3c50385f390d239ab7501af81be09ca154ce6f671fc955eb67620

    • SHA512

      b3d7af1cef9bc29634fe8f94253bb90120fc9dfbec2b2697789b46659be4fc4facb9f3e079e8c8d167f3cfe50e117c6e094c25e9efaf63eaf37b1d43cef1b8fa

    • SSDEEP

      384:u4Mgvl1oqagXaBKFyJxsA5AAIYieTFhO0mzt/hk:jSqHZFGsA5uYiUFmzt/hk

    Score
    1/10
    behavioral11behavioral12

    • Target

      Quest Adventure Installer/JRE/bin/jarsigner.exe

    • Size

      20KB

    • MD5

      086dbefacc6e82342ac377bdb1032c48

    • SHA1

      727b4168f162798415c44989972b887b22ee228c

    • SHA256

      fffe29ca53fe8abe68570fa0bed05011fbd4f37bd829206e04630bbc5b24823e

    • SHA512

      3ac35a785c3aa6d48c5b508d843ab25bcd08c1da4f1c2341d347b838fc7001a054b1afc0c667154b1d3cffa13f5bff38440fb9e7f95c1b3f5678558a0de13d21

    • SSDEEP

      384:44cgPl1oqcGBKFfWUteA5AIIYieTFhO0GzahC8w:dSqGFPeA5qYiUFGzahS

    Score
    1/10
    behavioral13behavioral14

    • Target

      Quest Adventure Installer/JRE/bin/java.exe

    • Size

      46KB

    • MD5

      17e95d746b4b9c30f682badcfbebffb7

    • SHA1

      354d8ae7ec9ac0e467f248a8d43c704e683a572b

    • SHA256

      3ab0516b67b52410f07a92504a50243f23ed8a7a51abed0d76a1bee4b0dbefc7

    • SHA512

      bc7b6e0de9106f41253e6e7e18e46dc3ea96515751368b3225fb0757dd90f881529743eb3c376375ef9a599cac914b4215334e23febe58a60ee630e54caad02e

    • SSDEEP

      768:/gqFjM5R2TyJ5R3s8D/bkt5Ruz3Vb3XEA51YiUF5zxBhl:/gSM5RdJ5R3sozkt5RA3XV517UHFx

    Score
    1/10
    behavioral15behavioral16

    • Target

      Quest Adventure Installer/JRE/bin/javac.exe

    • Size

      20KB

    • MD5

      e148f9f9e80a8388ae99d1bfe98ed7cc

    • SHA1

      803dec16e0af9b80c4d78158067e9d5cd797479b

    • SHA256

      fc70e4a29da6a71a9c3fc349ea597a9c6335dae81064fb2cc8e56f7178324360

    • SHA512

      64924ef308eaed72c23ec131cc69231862ce9f825b97160a114979922f0c20d6e1fa843aa60c7746c2975739f250b05cd65d79f391299a7535b457ad7d640be7

    • SSDEEP

      384:uIaQgPLeq/uEBKF+vKA5ABIYieTFhO0Rz+qEkShqjw:snSqoFOKA51YiUFRz73ShqE

    Score
    1/10
    behavioral17behavioral18

    • Target

      Quest Adventure Installer/JRE/bin/javadoc.exe

    • Size

      20KB

    • MD5

      eeffcb2bb162523e05d5cbde22e4931f

    • SHA1

      e86589ef0fe48e2a87966b622821c3101dd2a50c

    • SHA256

      9ed8b65917f5a54ecde006af6d8fd9711cfe529552da666f19037c29f2c25a87

    • SHA512

      eca6978d88395f5c60be86b7a3030cdf269cd8002b2026aca7e94d4776e6b5aeefea4a90275323368af46f074d205a5991f6e2629630b768331a596d942fdd11

    • SSDEEP

      384:aIKQgPLeqSn5BKFkyUA5ArIYieTFhO06zQUhU:gnSqTFtUA5LYiUF6zBhU

    Score
    1/10
    behavioral19behavioral20

    • Target

      Quest Adventure Installer/JRE/bin/jcmd.exe

    • Size

      20KB

    • MD5

      ec1a9abf879d7f1c2301cb8c5e0f2bdb

    • SHA1

      ce4c9679998dc60eb868334b9d0cba0de2c6c5ff

    • SHA256

      9400a404471d167cc86b721b4c6e61de8166bf5292cc09f62cc799bb84d1647a

    • SHA512

      db57ac5b250da1e3f990d06e080850c09c2a59cc522b63ff4ec364af6e10846af816c8c0b7413ad7a5500480a0d7875db9a1076791fc89a7ef7e99e83276168d

    • SSDEEP

      384:V4Mgvl1oquxaBKFyu+mA5AsTIYieTFhO0wzshlUB:MSqGFOmA5FcYiUFwzshq

    Score
    1/10
    behavioral21behavioral22

    • Target

      Quest Adventure Installer/JRE/conf/management/jmxremote.password.template

    • Size

      5KB

    • MD5

      ad773cfd53efe03e662f1cf23561f725

    • SHA1

      3bad5b040b6d7117df4c40609ea0f8074339ee47

    • SHA256

      0273b6a6b9e20e6ce54c5aee70164028e0395063b2b7d39060a40b6495543dbf

    • SHA512

      e6794168ba80a8ff733d8c1771930ae8c8fc33030e5e9ca02700f326c88a2f68ff09bc734bfd1e492ef15705b288c7918ce1f3f7174742dee6a62dfe086abd65

    • SSDEEP

      96:MdJb7RT9iQj/y3LNNWoT2Wjb3LpjtzIVSnQDeJuV9uiS2T4Z:059ipz1nlZzIVSnQDeJqpSSO

    Score
    3/10
    behavioral23behavioral24

    • Target

      Quest Adventure Installer/JRE/conf/management/management.properties

    • Size

      14KB

    • MD5

      055470250aefd21bb36a38aa74c9d9be

    • SHA1

      a69b8a1d371d0e284490797d0b7bd952b339c92f

    • SHA256

      f80096ec028dcb71625c398ec16d12023cafc6a1c055aceaed07d02e8d56f637

    • SHA512

      f28be5155e8de08d1bc4992b2941e40b56ac3266cab3aa48726c2dd3e720cc2f52dd63713658b4186ac31bd83c2178841ce776c3458cb8577a60c16714c2a643

    • SSDEEP

      192:uRo1ZVZHV+Dq3xtPbDxPqZwNrLTesyuVcAXiiPpkI:ikZTHV+Dq3xtP3xPqaNr/es11v

    Score
    3/10
    behavioral25behavioral26

    • Target

      Quest Adventure Installer/JRE/conf/net.properties

    • Size

      6KB

    • MD5

      385443b7e4a37bc277c018cd1d336d49

    • SHA1

      b2c0dfb00bf699e817bdd49b14bc24b8d3282c65

    • SHA256

      5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08

    • SHA512

      260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1

    • SSDEEP

      96:6ATE+VEtGObfObz3Ob6Onte3CO0V+r/aJ7SFXtqBZUT+gTzDuBnZkRnF:/LVGG4f4z346et5m27SnCgTe9GnF

    Score
    3/10
    behavioral27behavioral28

    • Target

      Quest Adventure Installer/JRE/conf/security/java.security

    • Size

      56KB

    • MD5

      00cf40959861f61f17b90c6b6002a9a1

    • SHA1

      982e48466428e1f49c1a5941c73afdacefd1d22e

    • SHA256

      38166a975348862d693d95de8d676cf19cecccc45af4a1896c73c45f7bd966ef

    • SHA512

      bad90152685279d896a4063d76dec5befe14831d3dd3260929b9a639505e898fa996b52aab3821a51c6c9aa09d956a23a8bdd870377a10e75c9399629cab5779

    • SSDEEP

      768:rfBzVIMtipMfSSvAOUjt1p+SiIj4sjyaF/IJnoIqHihz3oFoBfCDqrsoZ9d5eDF:rIMy8SCAOUjt1p5/jCG/UoQhzYKpNnCF

    Score
    3/10
    behavioral29behavioral30

    • Target

      Quest Adventure Installer/JRE/conf/security/policy/README.txt

    • Size

      2KB

    • MD5

      3d47d94bc4f19d18bcc8b23f51d013af

    • SHA1

      a97cd312d6a2a9c8c780c15e5af51a2f4f97c2cb

    • SHA256

      6da0747334b0fea7592fd92614b2bbc8b126535e129b1fee483774d914e98eb5

    • SHA512

      68a031264cf9442526307364ca74b336af55564c233c2f514cac48e910022767562f8ff6a64bb9cfcbf0fb5e755289273382c9246418a4b9207fc7761d03c64e

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

redlinezgratinfostealerratspyware
Score
10/10

behavioral4

lummaredlinezgratinfostealerratspywarestealer
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
1/10

behavioral32

Score
1/10