General

  • Target: Cutor2.rar
  • Size: 1017KB
  • Sample: 240520-s5bqpsgf3x
  • MD5: fd568152aff79fb265c5b36d48195171
  • SHA1: 15fb2f5416dc915d093bc8eaabf87bcffb42ca82
  • SHA256: 770085623b4d362d143b631396d03255197cdfdff9b239a4668e75a611e0cc53
  • SHA512: 49deb80ec3cd30c39176f826dcf2a6743fb3e25e83f80bac22870cf39aa2363b40633ab52ee89697038f62190582af55eb98b6e46a4e5bc3cec6d6674a2c207a
  • SSDEEP: 24576:XxEgGE0DPES0Sf82J6C2rj5RljXJ6qXWI3MN/bj0mOjZBY:ByE0bE3c8dfrj5RljXJ6KWIablsY

Score: 10/10

Malware Config

Extracted

  • Family: lumma
  • C2: https://employeedscratshj.shop/api

Targets

    • Target: Cutor2.rar
    • Size: 1017KB
    • MD5: fd568152aff79fb265c5b36d48195171
    • SHA1: 15fb2f5416dc915d093bc8eaabf87bcffb42ca82
    • SHA256: 770085623b4d362d143b631396d03255197cdfdff9b239a4668e75a611e0cc53
    • SHA512: 49deb80ec3cd30c39176f826dcf2a6743fb3e25e83f80bac22870cf39aa2363b40633ab52ee89697038f62190582af55eb98b6e46a4e5bc3cec6d6674a2c207a
    • SSDEEP: 24576:XxEgGE0DPES0Sf82J6C2rj5RljXJ6qXWI3MN/bj0mOjZBY:ByE0bE3c8dfrj5RljXJ6KWIablsY

    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: Cutor.exe
    • Size: 150.0MB
    • MD5: fc19772f15ec20a93b956318e77df40a
    • SHA1: b6fc61fbb8a0932c906bfb21c5bb247a54a061ef
    • SHA256: bada63237016ce4e5bf28c2efa620430b4c0ac859f00f4996a6a4a166e3220f3
    • SHA512: d8c8a3d7d7fc5cbd368121601fe04f4a4753b917ff379838b086743319a122d6b8a637930e76084cf09828f458372f727d90572eae3eab79dbe6401691d3ae97
    • SSDEEP: 24576:fXEUjHrDOMFGcQQ0UDEM8FZ9IWdmKrL6OgEic8rby2N2mzbtt04H:fbjH/OXdvLZKWdtr3L712N2mzbP04H

    Score: 10/10
    • Lumma Stealer
      An infostealer written in C++, first seen in August 2022.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: $INTERNET_CACHE/Arrives
    • Size: 69KB
    • MD5: 473722f790596c4d6b159fcd8a4dadef
    • SHA1: 20271a29dcab261fee279401cba6b0bab3dc2ef2
    • SHA256: a33baf56fe478318a92035b652b7a7a63721aa119b355fb07e4c2bc3c405cd54
    • SHA512: 338337b9d4645580816abb2a042e2698b2cd698d36475d66f88ba461a6d51bc0899fdb36acd3bb944fa35aeec4d3d816eb386e2bc87de771527da415fd89c194
    • SSDEEP: 768:Lrkx3zN3AFR97T98+sDkXLAlMoLVNIo8DJWxWWbP75qcaTlKWzhQVNsbSSkLQ7Pe:LYNB3OFTR7bAlHL/4aj5Vf7gqYrui3A

    Score: 1/10

    • Target: $INTERNET_CACHE/Aspect
    • Size: 44KB
    • MD5: 156462caf2897d681dad8fe61d1c7279
    • SHA1: a7ed61c1abf6256a339247d5212624d06497051d
    • SHA256: a4d6fcc99632d1ede57a38043e46f4a0e6d60edc10d388acf47de7f186810d6d
    • SHA512: c09be41bdd19d22dc9d7d8259116a1c98f5a37819ac4ea45b4230ca093b34784f397d523fc5ae5f644aa3a35750e0c570af01ef94d34b060da5d18c19a30fd67
    • SSDEEP: 192:CoooooooooooooooooooooooooooooooooooooooooooooooEFOiGHwJffX2crFt:UiwxFr9LE/MpfhwHLWAkqLyH3Pe

    Score: 1/10

    • Target: $INTERNET_CACHE/Blond
    • Size: 65KB
    • MD5: 499020d7a6695730ade820ec473a7014
    • SHA1: 8dbe5dd49c6b527426c41eb8f75c66cc525e8d07
    • SHA256: 7b6044b2f019eb7161602f2b177ef387ea22a5fd498f2262e671e6bf1c0418d5
    • SHA512: 273c79a06188de53dfeeaad4ee682ffd6afdc255b28df77e867bef2ddfd44528035cd61732192d7cd76359ac71b9e08c4a3cb94368eed8dd07c5a208c74f54da
    • SSDEEP: 1536:4RlyxcZqvinN8PsJitgXKUvl8UTcyzJW784Lle+1Y:ylyU8PsYuXtvrhzU78Gle6Y

    Score: 1/10

    • Target: $INTERNET_CACHE/Bone
    • Size: 193KB
    • MD5: 124e240a6529b61f018b30adac17553d
    • SHA1: 950077be632fde663aacf7636a0ece5c918d2f63
    • SHA256: 70e4f36876b997f504b67027be7bb02d9fb5faecf014f603cbe7d5e640631994
    • SHA512: c57ccf9cdcce52cc197fdba2586e9e924823b74cc8491e1cafdf9d74069aa13d4a5dcedaa80804456885bb9fca7ea8beb4a5ebe1ef15c0fb91f5fe127324ab8b
    • SSDEEP: 3072:PIlimn4qz2Z8z0wdgSPHAFkEylz6N3WfHHr4c68gcA0om9IO8uuyQuZTofG:Q9nF2S0wD/AFR+6NGj4TvO8hs

    Score: 1/10

    • Target: $INTERNET_CACHE/Corresponding
    • Size: 15KB
    • MD5: 24f764a45140ae61b291022b188cad50
    • SHA1: ff59085b23c849d589360dc19df2aa82c5032bd0
    • SHA256: eb85a752452828fe7e83d18dcaa80fdd81b416a3cef1429a8765228bf889738e
    • SHA512: 3fd4f1e7c9214687c99400a951101c194067c01fb79107a3381d5c122900571b0a064548a4f9065b2dc14dbe01b8bf871afc860123408ade78a52a22c28bd122
    • SSDEEP: 384:djnsRfctrJsnb2Kev0hLk1G+CAiwo8Z8T5RZWfkBTjeVmr5D5+:djnsRf4rJsb25v0hL4G+CAiwo8Z8T5Ra

    Score: 1/10

    • Target: $INTERNET_CACHE/Coverage
    • Size: 63KB
    • MD5: d51d5baf2c9751a080d23ca1d67fc877
    • SHA1: 4e03ddd85f9a93d666093fff94296a1e8119b492
    • SHA256: e66104a1f8fa1926811e2c82f16a415584732d80c984bc95472d26663355130f
    • SHA512: 048eabdff052549ea0005096109a155e3cbb3cb55e45e7a6b4813637b7390f56f605083c352ad01171c275e1e8a1305d1ed4bc3dd62af15bda2e68bfcceeef85
    • SSDEEP: 768:eT+UTcL4qHq25NKEHq9BxyyM0Dj2Bmgari0UPD/3Efrafd0maNBZikj0kkC:83TcvNHq9Bxhgari/D/3EfraF0Hikj0W

    Score: 1/10

    • Target: $INTERNET_CACHE/Demonstrates
    • Size: 21KB
    • MD5: e08e5bf768a64fe55414a7efe75bb98e
    • SHA1: 1a4131e823a04c34bb877e1bd2da4747f88c36e6
    • SHA256: 5f9e851b902ead6c553929b0747a2e4038c0d47a1a9679b0e66186fcbdcf4145
    • SHA512: 920c6db4296d4384d9368313aa9d00d93da69305836cf497bfa864f5907f892b51d6917bd20cf881ed91ac08ad2f3d7768f6dcaf29a4c0c62c526a16eb1653d5
    • SSDEEP: 384:Ugikvq6LzykagepHIgiwXMxMWkvQFmY4Uv0FjSkXDylnffltltZZzz11ppz9KvLx:Lq6LqgaHbdMNkNDUySdK8M4INduPbOl

    Score: 1/10

    • Target: $INTERNET_CACHE/Describes
    • Size: 4KB
    • MD5: dab205ef316a75b18e861f7a867e0989
    • SHA1: 650f9b788b6213225dc0f8d21236d1b06bde4fc9
    • SHA256: a14ab8b356d3d939c5b2283e3cda3af305d4107e7f178c852e0680457acc269e
    • SHA512: 365fa6a6b20c940cee09294c5bfd35c52928874532a5b27e73891a498f1463d84fa0305b2d6a721f67bc39b828379eacfa092df664f73a8f863ae39ef7ae4d8b
    • SSDEEP: 96:boZ0HynDXhT0tyCL06En2nuuTb6GDXuzGBb/mMaRgYfDohiWvv9szz:0ZFDuFg68euXsBDmMagYfDohiWvv2zz

    Score: 1/10

    • Target: $INTERNET_CACHE/Following
    • Size: 47KB
    • MD5: 82d51a65bbe96f2f9e8e7b6cfb333282
    • SHA1: e8633d184ee93e8792c3ea8b4c1563a126d2dbfc
    • SHA256: 654f10643984ab084893f728bf2e713a432a164d97b29e718dfd018d2acece7a
    • SHA512: 782b892afbc79ccdfecec5072a96e209b6097d116401fe648dedfad06bd7117011af2fc4032976a0b3c6d5e97f29eb2c34e54020dc0bb8c60fdc9596d1abe46b
    • SSDEEP: 768:pKOd+3Avgmy/bJCVKSb279sAOOWNMZmwfHh17McqQHEdQ7iwDIUKo+jQ:hs3AS/4KS+9sAO+kdIlDbKfs

    Score: 1/10

    • Target: $INTERNET_CACHE/Immune
    • Size: 42KB
    • MD5: 45ceb552adc3a75aa55a5d7d78b8c0d7
    • SHA1: fc584a0cd566842eb236c9c3b2635d2d4b97a5a9
    • SHA256: dd816a6509a6845e44384860fda4dcad095fac1fb9fdd2e8cceb74fb224dcc91
    • SHA512: 39bfb1470e2cc31127f654a07a17827ba19d6aed1c6108a27dffb8d2bf00ccad8124417f662fe714a30461147d4f860ea97f3e45d26c3df5aa266774a73f82e5
    • SSDEEP: 768:ub9futLZzWaIxyKw7nxZL96Yk4iARefFilP4Bwh1QwTMvcVPDqdU7SIcB:VzWaIxOv/pAfkF/bIQ2dU7SPB

    Score: 1/10

    • Target: $INTERNET_CACHE/K
    • Size: 47KB
    • MD5: f9596ddb1d9b538409e412b39569212e
    • SHA1: 99de9993abb4c4480061a00e3b7a7e0ec9c18efa
    • SHA256: 8c9328d2260c23517a1835f80946bf9e2e21db5265905484e0ac4d8b888a6162
    • SHA512: f2fea44814a21507108169f82222a8725fe464c28126edb6edac227f138b406af0d7a19a69738ed3dc7326a44432d93be5124eaad2410c44c54b1e61dbef1afb
    • SSDEEP: 768:FhsRqI5o+oyyxVxCaw2F8aP6VOHQznzp8G7bJu1UY3dLi29NcNngX+F+2tzjOrnN:RLDykFIcizp97bA3EKNcpzjIqIinTglX

    Score: 1/10

    • Target: $INTERNET_CACHE/Kay
    • Size: 23KB
    • MD5: 9e77f9fc5c1bbae0ade16a1dd8effb21
    • SHA1: dd769a5be09309f4f21e06d04d68185d624195ac
    • SHA256: e3e1f7fb978a9ed404525039fafaf519f0d414a44ddae7e3acd92ad3d3bc11fa
    • SHA512: d04227ffddb76b7ef4e311096ea192252c53be5dfcac97441cddd7be52d056a6dcab4be594ef4d40ed10b45dc50c0f8ac6b0db8dad4a375baa7296e2c15b13d6
    • SSDEEP: 384:MidDQxahM2I4kDehJ0IHnHVmE5lTbyuT2sWjtudtIDvFQc:R+aI4kSmEusWjcdeDvFQc

    Score: 1/10

    • Target: $INTERNET_CACHE/Mountain
    • Size: 27KB
    • MD5: 1f442fb73d09d937f6bcc25652658aa8
    • SHA1: 7d47f3e5573bf12843b9fb8df0a7ecdde10c9dc7
    • SHA256: 9b66a4edacc06979e23b7a267eb01e704710dcd2160ac6df16fa2823b1fdf459
    • SHA512: da8c9bbad6be295b3cde5f44db858d2b5a03c2acde0f9f9b582ecb7203b77853916d9d22ebb2056e53d96746e9f3dd7e89616d6cca01fb39744128e4fadac1d9
    • SSDEEP: 768:dI3+lUAireuGJiuqlpzS7XN7ywRY1qZxMy:eOYpe7N7nRYyxv

    Score: 1/10

    • Target: $INTERNET_CACHE/Oils
    • Size: 9KB
    • MD5: 073f9e2c594b99cfb7ba3880aa680f20
    • SHA1: 84e31597a55f99f7e9322353116c2168ddbf3e9f
    • SHA256: e3446f9e24cdc1dade438588b8f6a82b5d66baace47736bfc21212f05d83254d
    • SHA512: 7cca73ff39e3c24f281999a1f9c28609c18550af3db0ba5d0bea74aeaa6d570737d9bbc01f3a89de5d934cf8894e75fd81832ac39ae3d59659810e41f5113fa4
    • SSDEEP: 192:4fDlCvAFS/MhosvkJAXvf4dtgzgO13VLGTMeG2gEFOtdaX:4fDltc/M2fJAXzzgO1X2gEF2daX

    Score: 1/10

MITRE ATT&CK Enterprise v15
