lumma | 30a0ca3adae2a904fa533369a5157a9e9bf93678794f405b981f15fd2676c6a0

Sharing

Copy URL

Twitter E-mail

General

Target

Quest Adventure Installer.zip
Size

178.1MB
Sample

240513-tj7rpadb6z
MD5

030a7b05dffcd8aa334981f4300de135
SHA1

876b186128ab03d9a105f25de7fed549d7ce6fcf
SHA256

30a0ca3adae2a904fa533369a5157a9e9bf93678794f405b981f15fd2676c6a0
SHA512

e9e54537c13e5df4c4e5bb6081e656f42e5135da85fed85609793baa4cc99107cb669daa76fe9a9ab331887cfc5d9a9a639ffbbdf69137d2e67c8ade10a51fa6
SSDEEP

3145728:Gy7fujd1UhNbuQD6PCxalf58mlgop2yRBiVtSnH7RIaLrDsZr:f2TCR6qQf50opHBz7S4AZr

Score

10^/10

Malware Config

Extracted

Family

lumma

https://economicscreateojsu.shop/api

https://entitlementappwo.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

- Target
  
  Quest Adventure Installer.zip
- Size
  
  178.1MB
- MD5
  
  030a7b05dffcd8aa334981f4300de135
- SHA1
  
  876b186128ab03d9a105f25de7fed549d7ce6fcf
- SHA256
  
  30a0ca3adae2a904fa533369a5157a9e9bf93678794f405b981f15fd2676c6a0
- SHA512
  
  e9e54537c13e5df4c4e5bb6081e656f42e5135da85fed85609793baa4cc99107cb669daa76fe9a9ab331887cfc5d9a9a639ffbbdf69137d2e67c8ade10a51fa6
- SSDEEP
  
  3145728:Gy7fujd1UhNbuQD6PCxalf58mlgop2yRBiVtSnH7RIaLrDsZr:f2TCR6qQf50opHBz7S4AZr
Score

1^/10
behavioral1 behavioral2
- Target
  
  Quest Adventure Installer/GameLauncher.exe
- Size
  
  1.6MB
- MD5
  
  b7dc1166dbcd5df0a6c7c6ce4e72c30b
- SHA1
  
  cd034c1468bdcb81cc52efeba5c95857d60cc537
- SHA256
  
  e6fad824874c1ba468b8a4f94acd705cccb0c4d316b321eb3935c2160e1217f1
- SHA512
  
  aade2a596c8e714a56b54c6618d870dd2e5bef8bd37b128a5406785bb5d80c1ae15cd34aca1dad9c0db36ff0bb08dfef65e54bf94d3638e00fbe5d6b2ef73e6a
- SSDEEP
  
  24576:IdHHNmOzj4d9c8r1zSYiNED/MZvR4x6ApJT8v4A4n:eHQOJ5YiNED/MZvR3AbVA
Score

10^/10

redline zgrat infostealer rat spyware lumma stealer
- Detect ZGRat V1
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Quest Adventure Installer/JRE/bin/jabswitch.exe
- Size
  
  41KB
- MD5
  
  6ad6f701797e4c1b00cae6d71732ffb3
- SHA1
  
  2af4b12ae9320389919693f2aff5b8f8eb94d0fb
- SHA256
  
  7c683a6e3af1c21c9091b44520eb5c4f350bd38d5c5c3bf452d23d9c057401ca
- SHA512
  
  3c0f7f186d188dd1117dce752579de536a5f6941f8de148a71a2edf8533bc670fca670ef2dbdc19ae96061db16ab83a944e3215620fb75f11a40594013642d8a
- SSDEEP
  
  768:sqlK3hiE/AkY/PXhqcADCH11B+QfrVzpsuCJ/1YiUFVzUhK:LlKRX/ABXgDCvB+QfrVCJN7Uvn
Score

1^/10
behavioral5 behavioral6
- Target
  
  Quest Adventure Installer/JRE/bin/jaccessinspector.exe
- Size
  
  101KB
- MD5
  
  463478b4ed2c720af1e70eacae039558
- SHA1
  
  eb54815acf2df7b33d9005357069bc567f4ab6f6
- SHA256
  
  2efe5f7dc2e4993210041f4ab4d775583dd57bcfa5ec9a2f8683b33accaf84cb
- SHA512
  
  3417d4b800c7211157256e280bdd77f0f429cae6548bc6976ef4050ddd80cb07a4aaec359bd621d48f5a80355fef52a7db84c6566e6ec8dd79a4523e75af9609
- SSDEEP
  
  3072:UNxpEifIevPd21GaEOQwd/pDA9ohYNUPt512T0PON29PejrN2x0ll3UEHaUEn+7d:oxpEifIevPd21GaEOQwd/pDA9ohYNUPG
Score

1^/10
behavioral7 behavioral8
- Target
  
  Quest Adventure Installer/JRE/bin/jaccesswalker.exe
- Size
  
  66KB
- MD5
  
  3f9e49634b38d2adf96f88d18eca5257
- SHA1
  
  8c7ce19d88b25e55131ce1152fc326c937c5328a
- SHA256
  
  a3c2a9e9b5820e4a218272660e76eba0faf9da8b6b4039c1a053d7b279840edf
- SHA512
  
  d72f184cfe0e939c7f01d57abb6237e745137152992fb7cd0528b1a3e46fd22af35687b114faa90bbed4214b48467453e6a2d9e81b3910b90d718f86eea12acd
- SSDEEP
  
  1536:50mZ0y4YufkoTgDH5rFloPZwTOLa7eEfdkAzjkfzFyBCCpcE9zY9QQ+o8BtWH53J:umZ0y4YufkoTgDH5rFloPZwTOLa7eEf6
Score

1^/10
behavioral10 behavioral9
- Target
  
  Quest Adventure Installer/JRE/bin/jar.exe
- Size
  
  20KB
- MD5
  
  dcd7052f62acee03f755fbed49937df6
- SHA1
  
  922444b30bf4cfd2a04752ced48b03711798d227
- SHA256
  
  3dfe37237ed3c50385f390d239ab7501af81be09ca154ce6f671fc955eb67620
- SHA512
  
  b3d7af1cef9bc29634fe8f94253bb90120fc9dfbec2b2697789b46659be4fc4facb9f3e079e8c8d167f3cfe50e117c6e094c25e9efaf63eaf37b1d43cef1b8fa
- SSDEEP
  
  384:u4Mgvl1oqagXaBKFyJxsA5AAIYieTFhO0mzt/hk:jSqHZFGsA5uYiUFmzt/hk
Score

1^/10
behavioral11 behavioral12
- Target
  
  Quest Adventure Installer/JRE/bin/jarsigner.exe
- Size
  
  20KB
- MD5
  
  086dbefacc6e82342ac377bdb1032c48
- SHA1
  
  727b4168f162798415c44989972b887b22ee228c
- SHA256
  
  fffe29ca53fe8abe68570fa0bed05011fbd4f37bd829206e04630bbc5b24823e
- SHA512
  
  3ac35a785c3aa6d48c5b508d843ab25bcd08c1da4f1c2341d347b838fc7001a054b1afc0c667154b1d3cffa13f5bff38440fb9e7f95c1b3f5678558a0de13d21
- SSDEEP
  
  384:44cgPl1oqcGBKFfWUteA5AIIYieTFhO0GzahC8w:dSqGFPeA5qYiUFGzahS
Score

1^/10
behavioral13 behavioral14
- Target
  
  Quest Adventure Installer/JRE/bin/java.exe
- Size
  
  46KB
- MD5
  
  17e95d746b4b9c30f682badcfbebffb7
- SHA1
  
  354d8ae7ec9ac0e467f248a8d43c704e683a572b
- SHA256
  
  3ab0516b67b52410f07a92504a50243f23ed8a7a51abed0d76a1bee4b0dbefc7
- SHA512
  
  bc7b6e0de9106f41253e6e7e18e46dc3ea96515751368b3225fb0757dd90f881529743eb3c376375ef9a599cac914b4215334e23febe58a60ee630e54caad02e
- SSDEEP
  
  768:/gqFjM5R2TyJ5R3s8D/bkt5Ruz3Vb3XEA51YiUF5zxBhl:/gSM5RdJ5R3sozkt5RA3XV517UHFx
Score

1^/10
behavioral15 behavioral16
- Target
  
  Quest Adventure Installer/JRE/bin/javac.exe
- Size
  
  20KB
- MD5
  
  e148f9f9e80a8388ae99d1bfe98ed7cc
- SHA1
  
  803dec16e0af9b80c4d78158067e9d5cd797479b
- SHA256
  
  fc70e4a29da6a71a9c3fc349ea597a9c6335dae81064fb2cc8e56f7178324360
- SHA512
  
  64924ef308eaed72c23ec131cc69231862ce9f825b97160a114979922f0c20d6e1fa843aa60c7746c2975739f250b05cd65d79f391299a7535b457ad7d640be7
- SSDEEP
  
  384:uIaQgPLeq/uEBKF+vKA5ABIYieTFhO0Rz+qEkShqjw:snSqoFOKA51YiUFRz73ShqE
Score

1^/10
behavioral17 behavioral18
- Target
  
  Quest Adventure Installer/JRE/bin/javadoc.exe
- Size
  
  20KB
- MD5
  
  eeffcb2bb162523e05d5cbde22e4931f
- SHA1
  
  e86589ef0fe48e2a87966b622821c3101dd2a50c
- SHA256
  
  9ed8b65917f5a54ecde006af6d8fd9711cfe529552da666f19037c29f2c25a87
- SHA512
  
  eca6978d88395f5c60be86b7a3030cdf269cd8002b2026aca7e94d4776e6b5aeefea4a90275323368af46f074d205a5991f6e2629630b768331a596d942fdd11
- SSDEEP
  
  384:aIKQgPLeqSn5BKFkyUA5ArIYieTFhO06zQUhU:gnSqTFtUA5LYiUF6zBhU
Score

1^/10
behavioral19 behavioral20
- Target
  
  Quest Adventure Installer/JRE/bin/jcmd.exe
- Size
  
  20KB
- MD5
  
  ec1a9abf879d7f1c2301cb8c5e0f2bdb
- SHA1
  
  ce4c9679998dc60eb868334b9d0cba0de2c6c5ff
- SHA256
  
  9400a404471d167cc86b721b4c6e61de8166bf5292cc09f62cc799bb84d1647a
- SHA512
  
  db57ac5b250da1e3f990d06e080850c09c2a59cc522b63ff4ec364af6e10846af816c8c0b7413ad7a5500480a0d7875db9a1076791fc89a7ef7e99e83276168d
- SSDEEP
  
  384:V4Mgvl1oquxaBKFyu+mA5AsTIYieTFhO0wzshlUB:MSqGFOmA5FcYiUFwzshq
Score

1^/10
behavioral21 behavioral22
- Target
  
  Quest Adventure Installer/JRE/conf/management/jmxremote.password.template
- Size
  
  5KB
- MD5
  
  ad773cfd53efe03e662f1cf23561f725
- SHA1
  
  3bad5b040b6d7117df4c40609ea0f8074339ee47
- SHA256
  
  0273b6a6b9e20e6ce54c5aee70164028e0395063b2b7d39060a40b6495543dbf
- SHA512
  
  e6794168ba80a8ff733d8c1771930ae8c8fc33030e5e9ca02700f326c88a2f68ff09bc734bfd1e492ef15705b288c7918ce1f3f7174742dee6a62dfe086abd65
- SSDEEP
  
  96:MdJb7RT9iQj/y3LNNWoT2Wjb3LpjtzIVSnQDeJuV9uiS2T4Z:059ipz1nlZzIVSnQDeJqpSSO
Score

3^/10
behavioral23 behavioral24
- Target
  
  Quest Adventure Installer/JRE/conf/management/management.properties
- Size
  
  14KB
- MD5
  
  055470250aefd21bb36a38aa74c9d9be
- SHA1
  
  a69b8a1d371d0e284490797d0b7bd952b339c92f
- SHA256
  
  f80096ec028dcb71625c398ec16d12023cafc6a1c055aceaed07d02e8d56f637
- SHA512
  
  f28be5155e8de08d1bc4992b2941e40b56ac3266cab3aa48726c2dd3e720cc2f52dd63713658b4186ac31bd83c2178841ce776c3458cb8577a60c16714c2a643
- SSDEEP
  
  192:uRo1ZVZHV+Dq3xtPbDxPqZwNrLTesyuVcAXiiPpkI:ikZTHV+Dq3xtP3xPqaNr/es11v
Score

3^/10
behavioral25 behavioral26
- Target
  
  Quest Adventure Installer/JRE/conf/net.properties
- Size
  
  6KB
- MD5
  
  385443b7e4a37bc277c018cd1d336d49
- SHA1
  
  b2c0dfb00bf699e817bdd49b14bc24b8d3282c65
- SHA256
  
  5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08
- SHA512
  
  260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1
- SSDEEP
  
  96:6ATE+VEtGObfObz3Ob6Onte3CO0V+r/aJ7SFXtqBZUT+gTzDuBnZkRnF:/LVGG4f4z346et5m27SnCgTe9GnF
Score

3^/10
behavioral27 behavioral28
- Target
  
  Quest Adventure Installer/JRE/conf/security/java.security
- Size
  
  56KB
- MD5
  
  00cf40959861f61f17b90c6b6002a9a1
- SHA1
  
  982e48466428e1f49c1a5941c73afdacefd1d22e
- SHA256
  
  38166a975348862d693d95de8d676cf19cecccc45af4a1896c73c45f7bd966ef
- SHA512
  
  bad90152685279d896a4063d76dec5befe14831d3dd3260929b9a639505e898fa996b52aab3821a51c6c9aa09d956a23a8bdd870377a10e75c9399629cab5779
- SSDEEP
  
  768:rfBzVIMtipMfSSvAOUjt1p+SiIj4sjyaF/IJnoIqHihz3oFoBfCDqrsoZ9d5eDF:rIMy8SCAOUjt1p5/jCG/UoQhzYKpNnCF
Score

3^/10
behavioral29 behavioral30
- Target
  
  Quest Adventure Installer/JRE/conf/security/policy/README.txt
- Size
  
  2KB
- MD5
  
  3d47d94bc4f19d18bcc8b23f51d013af
- SHA1
  
  a97cd312d6a2a9c8c780c15e5af51a2f4f97c2cb
- SHA256
  
  6da0747334b0fea7592fd92614b2bbc8b126535e129b1fee483774d914e98eb5
- SHA512
  
  68a031264cf9442526307364ca74b336af55564c233c2f514cac48e910022767562f8ff6a64bb9cfcbf0fb5e755289273382c9246418a4b9207fc7761d03c64e
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

Lumma Stealer

RedLine

RedLine payload

ZGRat

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32