Overview

overview

10

Static

static

10

IMHttpComm.dll

windows7-x64

3

IMHttpComm.dll

windows10-2004-x64

3

ImLookExU.dll

windows7-x64

1

ImLookExU.dll

windows10-2004-x64

1

ImLookU.dll

windows7-x64

3

ImLookU.dll

windows10-2004-x64

3

ImNtUtilU.dll

windows7-x64

3

ImNtUtilU.dll

windows10-2004-x64

3

ImPackr.exe

windows7-x64

9

ImPackr.exe

windows10-2004-x64

10

ImUtilsU.dll

windows7-x64

3

ImUtilsU.dll

windows10-2004-x64

3

ImWrappU.dll

windows7-x64

1

ImWrappU.dll

windows10-2004-x64

1

SftTree_IX86_U_60.dll

windows7-x64

1

SftTree_IX86_U_60.dll

windows10-2004-x64

1

mfc80u.dll

windows7-x64

1

mfc80u.dll

windows10-2004-x64

1

msvcp80.dll

windows7-x64

1

msvcp80.dll

windows10-2004-x64

1

msvcr80.dll

windows7-x64

1

msvcr80.dll

windows10-2004-x64

1

wlessfp1.dll

windows7-x64

3

wlessfp1.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    384d1185d248d647cc639c24f082412950b1bb2413c49e152257b8fc1a42468c.zip

  • Size

    3.0MB

  • Sample

    240623-bfrbestbrg

  • MD5

    8ce88b52dbac86cbdf1655356261e773

  • SHA1

    ecfc0c1baff663bf331d00387fa16f86ec78098b

  • SHA256

    384d1185d248d647cc639c24f082412950b1bb2413c49e152257b8fc1a42468c

  • SHA512

    f55f18824063ce4b7785b8e9c48c15676c9c2dd25116e3be421d0cf3dcd28f2dbdd7e67252db5d247bd7e3e7d534186e94d01a8dc50c5631db83d851295fe5b1

  • SSDEEP

    49152:seVWX1rXhKUT1W4I3+shqJW2fKP7TS/76BKXwN+QeR12xOzUY5k:LWlThK21shqJ3OTfybQeRtzXk

Score
10/10
lummapersistenceprivilege_escalationstealer

Malware Config

Extracted

Family

lumma

C2

https://quotakickerrywos.shop/api

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

https://facilitycoursedw.shop/api

Targets

    • Target

      IMHttpComm.dll

    • Size

      32KB

    • MD5

      a70d91a9fd7b65baa0355ee559098bd8

    • SHA1

      546127579c06ae0ae4f63f216da422065a859e2f

    • SHA256

      96d6264b26decf6595ca6f0584a1b60589ec5dacdf03ddf5fbb6104a6afc9e7a

    • SHA512

      f13b735a47090c7c6cc6c2bf9148408ee6db179c96ee6428270541f27e50ad12cff7486f3a6ffac2ba83fd2e6e8e49661e6258f5aee97eb0f48771cbbd22aefa

    • SSDEEP

      384:UYacYCuDAIKaDEsdpRPcWzXKNfdZ1uTslWfXLhxyM8OjrsVIObsU25hoe1nYPLMt:Scr9/i1AscZ1wf7h4bOjKRsIe1

    Score
    3/10
    behavioral1behavioral2

    • Target

      ImLookExU.dll

    • Size

      262KB

    • MD5

      c3d6a629966b2de0ac954c0c75847f59

    • SHA1

      8109256492cb3a2a38a6587b7e1145c58e078769

    • SHA256

      0e469f31a8399483862231a0fe5b78bf90a7df4ac5c0470ae79adc33e4a42d10

    • SHA512

      c80f718baa86aa05a566b8b5f8087a9f32703ef8f00ded809e0a2d74e94604b4b524989d953e26b9752e02fe2601ebe6527ef03384f6368ff6e5dca289a857e0

    • SSDEEP

      6144:9X6yu38mY4o8xnZSYDI7jlFl4oYVFl4OgqAIwMr5s:9X6yhmY4pZSYkvl4/NwU5s

    Score
    1/10
    behavioral3behavioral4

    • Target

      ImLookU.dll

    • Size

      606KB

    • MD5

      3ea6d805a18715f7368363dea3cd3f4c

    • SHA1

      30ffafc1dd447172fa91404f07038d759c412464

    • SHA256

      a6766c524497144d585efa4fe384b516b563203427003508f7c8f6bffa7c928d

    • SHA512

      a102f23741de4ca2184485d9aa4ddd1a36b9ea52cb0859cfd264d69a9996293b7e29b325625f1f6f9330d6c80ff415e09e85e1ae838c58acef585ae8dffe3070

    • SSDEEP

      6144:5hvkhcT5e0HWJ5/10UfCrXCL12gQhYwtHWDEyF0nb6rFBvJ+sbJeDH+8uGh7xgLX:5hvkhcTd2JxXCrS85h0Dh0nMKbz45

    Score
    3/10
    behavioral5behavioral6

    • Target

      ImNtUtilU.dll

    • Size

      94KB

    • MD5

      bb326fe795e2c1c19cd79f320e169fd3

    • SHA1

      1c1f2b8d98f01870455712e6eba26d77753adcac

    • SHA256

      a8e1b0e676dce9556037d29fd96521ec814858404ba4cfdd0db0edbe22c87bc7

    • SHA512

      a1ec894151baa14e4ac1ee9471e8606bf74edd39f7833d9a1a44eee74d403f6b52780c135e9718ff9564fa27d7128c22b8410b21f77e6d804f698cfb4eda65a1

    • SSDEEP

      1536:q01U2obLeNvXXZ6Wb/2LamjMkUYCTSZaKAxvSJKRDOAG921:NobLeNvXp6Ou+mjMkUYC2ZVAxxFOAG9s

    Score
    3/10
    behavioral7behavioral8

    • Target

      ImPackr.exe

    • Size

      102KB

    • MD5

      2f779ac4318fd4990c828f60d16f2b17

    • SHA1

      a188080158f8cdfe5050d6e828fb69e17ac0be19

    • SHA256

      689951b03517f77b6c04bb57f604f50736dc1a86b87253b0dee73722d4520a11

    • SHA512

      7f6dc79ab6db4615bb0c7b31d36cc8750373f9b7c199bfaa8e1eff9dbd6f0b790fe7e4c9dc86b62abb811d93e946e68ddc171701bddba423079447124ca6464c

    • SSDEEP

      1536:BdPnjwBj/h13T5KRy8DiliMz+WPSC0mJcSs93k0TmOTWAnBchQlQICRXRXYu:BdPjwRrdoirza7C0iOPchc6Np

    Score
    10/10
    lummapersistenceprivilege_escalationstealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral10behavioral9

    • Target

      ImUtilsU.dll

    • Size

      1.4MB

    • MD5

      a7eaba8bc12b2b7ec2a41a4d9e45008a

    • SHA1

      6a96a18bb4f1cd6196517713ed634f37f6b0362b

    • SHA256

      914b1e53451b8be2c362d62514f28bdef46a133535d959b13f3f4bf3bc63df3a

    • SHA512

      0ae7fbdb2677d92c62337aa17b60a4887240a4a426ba638c7633587f4582adbcda2bde5ec824aab1a3f69acf2b391118763842acfab856d3d9764850961a2ac8

    • SSDEEP

      24576:2EQirQajY+S5eqyL9dj7GP4a6xKlnNYndIA1HVtFyC0Glqb6WUOQZljMFbDG0:fQj+S5epJl7+eenN5+HVDD0bUOQPUbDP

    Score
    3/10
    behavioral11behavioral12

    • Target

      ImWrappU.dll

    • Size

      158KB

    • MD5

      cbf4827a5920a5f02c50f78ed46d0319

    • SHA1

      b035770e9d9283c61f8f8bbc041e3add0197de7b

    • SHA256

      7187903a9e4078f4d31f4b709a59d24eb6b417ea289f4f28eabce1ea2e713dce

    • SHA512

      d1a285fb630f55df700a74e5222546656de7d2da7e1419e2936078340767d0bab343b603ba0d07140c790eb5d79a8a34b7818b90316ea06cb9f53cad86b6d3f5

    • SSDEEP

      1536:+Vcm093l7KjJdwXjCsZ+WymDAZZxgbgROgldJ+VEcn75A:+Vcm03ggjCsZDym6Og5+Vpm

    Score
    1/10
    behavioral13behavioral14

    • Target

      SftTree_IX86_U_60.dll

    • Size

      570KB

    • MD5

      57bf106e5ec51b703b83b69a402dc39f

    • SHA1

      bd4cfab7c50318607326504cc877c0bc84ef56ef

    • SHA256

      24f2399fc83198ab8d63ee6a1ad6ffbd1eda4d38048d3e809fecd2a3e0709671

    • SHA512

      8bf60649ece6bbb66c7b94ed0d9214fbeab030d5813e1e7b5d6d2349ee1de9075b7dfbbbbeae5af0dc21b071a00eafce0771ca1804e6752e9a71e71e6b1447df

    • SSDEEP

      6144:+F1oCaK7hWLMxQqTxNEaPe/cq0sJBJYzlRtcChgWPQnjLkV3Ij9DvAmintVM:koxK7hhNN1m/cq0sJ/YzNcCj0oVy8Y

    Score
    1/10
    behavioral15behavioral16

    • Target

      mfc80u.dll

    • Size

      1.0MB

    • MD5

      ccc2e312486ae6b80970211da472268b

    • SHA1

      025b52ff11627760f7006510e9a521b554230fee

    • SHA256

      18be5d3c656236b7e3cd6d619d62496fe3e7f66bf2859e460f8ac3d1a6bdaa9a

    • SHA512

      d6892abb1a85b9cf0fc6abe1c3aca6c46fc47541dffc2b75f311e8d2c9c1d367f265599456bd77be0e2b6d20c6c22ff5f0c46e7d9ba22c847ad1cbedc8ca3eff

    • SSDEEP

      12288:o5lk6KUYmYRP6vAt9+J51r64f22JhPeEiz8F+p/xoOTa+S9XqNNw2ohW3:UyUaP64t9+JfrRJiz8F+p/N2/cmW

    Score
    1/10
    behavioral17behavioral18

    • Target

      msvcp80.dll

    • Size

      536KB

    • MD5

      4c8a880eabc0b4d462cc4b2472116ea1

    • SHA1

      d0a27f553c0fe0e507c7df079485b601d5b592e6

    • SHA256

      2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

    • SHA512

      6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

    • SSDEEP

      12288:Q1HyurvZ0JPjuTtSu86th1n/hUgiW6QR7t5j3Ooc8NHkC2eo:Q1HyurvZ0liTwuhtjnj3Ooc8NHkC2eo

    Score
    1/10
    behavioral19behavioral20

    • Target

      msvcr80.dll

    • Size

      612KB

    • MD5

      e4fece18310e23b1d8fee993e35e7a6f

    • SHA1

      9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

    • SHA256

      02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

    • SHA512

      2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

    • SSDEEP

      12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu

    Score
    1/10
    behavioral21behavioral22

    • Target

      wlessfp1.dll

    • Size

      70KB

    • MD5

      5120c44f241a12a3d5a3e87856477c13

    • SHA1

      cd8a6ef728c48e17d570c8dc582ec49e17104f6d

    • SHA256

      fbd4b6011d3d1c2af22827ca548ba19669eef31173d496e75f064ef7a884431c

    • SHA512

      67c0e718368e950d42f007d6a21c6f903b084d6514f777b86aab3111ffe3be995949674276081c0281139a0b39119b84630a0ac341d4ae78677ac8346f371ae1

    • SSDEEP

      1536:nEqYKdOEuqRKXd9ZWbIOinToIfYeyOgtPko:EqnB89ZouTBf5yOgtPko

    Score
    3/10
    behavioral23behavioral24

MITRE ATT&CK Enterprise v15

Tasks