General

  • Target

    UnivMenu_1.16.rar

  • Size

    115.1MB

  • Sample

    240707-b556wazfqq

  • MD5

    e18e891bc459792ada555c13acb8d8f8

  • SHA1

    d39f96bb28ced2844121f1dff6060b4e9fbad880

  • SHA256

    042516c72c68775956303f32c9e3261edfd07762ec2b926880f3559609c6af06

  • SHA512

    92d654c278a8cb036a6f80c7512f30669d06bfa3d00d61c8c9d3438dd5c5aff21e0a283b45e300717225c70260232ac956a23fb675b6f2c54c32436fa7984968

  • SSDEEP

    3145728:6PddPW7uvf/uL55aUXzHv1lzfn0gPW7uvf/uL55aUXzHv1lzfnh/P1H:mddPbYHXzHPDn0gPbYHXzHPDnhJ

Malware Config

Extracted

Family

lumma

C2

https://bitchsafettyudjwu.shop/api

Targets

    • Target

      Loadkeqwkedkqwekqwek.exe

    • Size

      667.6MB

    • MD5

      d542e6bad83187cab7b0f203757b76b6

    • SHA1

      cf8f3bd38f78ecc91ad0bd3532217e142cafdc28

    • SHA256

      c3d38d839be7867e6c23eb33bf71c60416cfa2765d26d98575a362afde4909d6

    • SHA512

      95fb993de1a8eed90135c6888a2d67b478d7feb105657175ac536668e695cdfcdaa6910ba08dcf6943ecf36d42d6c49fbbb7dd103dc99bb560468eb21bb13486

    • SSDEEP

      196608:pFlczmSuAZRTqbH5TR6qVh4Sw17UjoAV4kWmPrzGH6i4OGYQ5:pFeqpZwqVh4SwJ6hV4k3GHh47Yc

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • Target

      ⌚/1.exe

    • Size

      667.6MB

    • MD5

      de2b2e5b8c45d0a6204c6f6f4e4e4d5c

    • SHA1

      91bc7b633d0b71caff9514ed386c25777188daae

    • SHA256

      e17bc2d567eb328e6f6082b58e6f3930028caf94a2207bac7029ef5a9ef8923d

    • SHA512

      e425e47b9ceb13a94a4b42e6738e248e81ac11bd93358ec5ae7e9a9ed781264ac6c969a9f122fb737009bea5f98772917f0900c2668362aa09c210b8a7627140

    • SSDEEP

      98304:681SNk3eYq9Wc7ucX41k9HJGhRibqTtJuX:nVXK4K9cht+

    Score
    1/10
    • Target

      Source/QtGraphicalEffects/Qt5WebEngineCore.dll

    • Size

      108.6MB

    • MD5

      c3b619ac876e44f74692612c8757585a

    • SHA1

      3256dfc390cafa0a276679bfad5ad9fdee103210

    • SHA256

      7db1cc70873e9fc05bc644c02f074824669a2b8c1c7c596fa3974b76fbf1d1dc

    • SHA512

      ace72a633e7297a749424491e35b15679979c6a252a20e64570211b1708cfe0ffd4bd1c72766f15a97d5c4209d19c8fc25505972786269e34c8c3b04239260b2

    • SSDEEP

      786432:177IumwRiPP+QfeimPmmewR8rXJX7xj9Jbec6WYyZDPz03X7IP:9Iumwe+QfeimPmuRcXJBE690U

    Score
    1/10
    • Target

      Source/QtGraphicalEffects/RadialBlur.qml

    • Size

      11KB

    • MD5

      33fe812bfb242ae0a883932a9b35a98d

    • SHA1

      cf297544e75ea94635efbb8f311c847aeba2875d

    • SHA256

      e086b7c17fd77f5b4f061ef6b49f1f1482a3429705a3174db77bdd7d1e25a6ea

    • SHA512

      42daeed3aac5d14370e4c9ce72e9a1d19419843d7c9667655e559cca80ec8d77ce7f804641727e15d46225bc3169d6e3959c9558fbc7bddddf4c108359d85db1

    • SSDEEP

      192:7ILp3RRDQGloQhIfXoXFISCa6z/eJV5NRnYXeQ5nQJVxNjs3JNzMbth6xxJBtw36:7KkGGFQ6QV5XQUVxGfAth6xfBtw3dm/D

    Score
    3/10
    • Target

      Source/QtQuick/Controls/Styles/Base/StatusIndicatorStyle.qml

    • Size

      8KB

    • MD5

      702bbbb5b40df54894cc61fcba911ceb

    • SHA1

      7a63660ef3396c577835d4e2c739d7eb8c2b62fc

    • SHA256

      9846d99bf3aaac6ae982d7b7ccd4479d5846457329ea0ef4b6046af901c8b085

    • SHA512

      4b6ead06c75111d829707cbefa8abec8af5489d8ff6ea4109f7d5388b052ad96b34b11eb976026653e86079aa8086e79e23e958b44f72cf0120b1e30f9a30b39

    • SSDEEP

      192:xZp3RRDQG8sqS/3gA5ff/PLaE+zEQaVLVsYfCeRMjt8YRS8/yfL:5kGvJX2hBYWYRKTRS8M

    Score
    3/10
    • Target

      Source/QtQuick/Controls/Styles/Base/ToggleButtonStyle.qml

    • Size

      9KB

    • MD5

      f01b9b7d11d020eb671a6b4754cc520a

    • SHA1

      7467abd30d7cbef91403e7e35217e47a16f109bf

    • SHA256

      5de663cf32b29ddb07dc4d22e21e2e26d72633f216514e2fe9ab25f6a4362b04

    • SHA512

      e456bee81eea19879c26896de39abac72d703834457de44835802df8df3ac9f6eb705571c9206bfe7afe1a1a0149b5066b0774f01285251a5c604a6e659c69dd

    • SSDEEP

      192:xZp3RRDQG91qSGXagdgw1yNKgcGVKg4HfKyWz5THRvaya01HmHQHWaMD9S9Dr1hW:5kGlGJIL4JMCsgV

    Score
    3/10
    • Target

      Source/QtQuick/Controls/Styles/Base/TumblerStyle.qml

    • Size

      12KB

    • MD5

      2a7125bccc4db39e74c1b1bcc535f6b5

    • SHA1

      937b6deeb902fe3b15be072db75faf0b886f61b0

    • SHA256

      11961547f865637ffe30f7f5f0a6df30ab28ae92437083c7df4b4b81ae0b017d

    • SHA512

      8ab1dac3f3469fa34c7d5b73815974518760dd9472a1b75b09270f1a1be54c604774decf1b3d937236c170dd5efe13705747fa8009c8c185503646f20cdc2dc7

    • SSDEEP

      192:xZp3RRDQG8oqSDyrgUf7dLMegZ86P0R8L84yKLKZKVpB6iKmZkNb4d3PnqAZ5nKs:5kGTDKnABLiNUfqAZ5wDHs8/4jZ

    Score
    3/10
    • Target

      Source/QtQuick/Controls/Styles/Desktop/GroupBoxStyle.qml

    • Size

      3KB

    • MD5

      15c012094c3ac552500def496b4af3be

    • SHA1

      5a6db39e1933df3d176a0c0c4315dc10742706d6

    • SHA256

      dbd7577badd47a8ba8514cf2c828a1f94760c01036502d404222b7b130b0785b

    • SHA512

      a5dab128fcbb1063a6e04de6db69e8c68ca4982a4e3728cafbe422e179725bbe11ff79728213698bca80531d9d6ecac5c0856aad5cba5ebc91c8e635f5cfa831

    Score
    3/10
    • Target

      Source/QtQuick/Controls/Styles/Desktop/MenuStyle.qml

    • Size

      4KB

    • MD5

      43a7f4baa434d103d0900827cfa4a34c

    • SHA1

      f7b6249474188c20852915fd8a0f5a6b169b4fce

    • SHA256

      bcbf8e2f09ee6942b3eb5c9b62bfbd9372ad4fa268296f69affed28b82c7a0be

    • SHA512

      7e5edd9cf2f6e2a1888f10a9b86e05534995efa723a6d136403e97f4391fe94b84809745ca4485b0345767dd5d8ea887ba6f5a1d36ce4ac056669c4a7bc20e2a

    • SSDEEP

      96:xoLp3RReSQGPlS2P7/X2odbTlFoZVkam6Ij3hl:xSp3RRDQGg2PTmSbTlckB3hl

    Score
    3/10
    • Target

      Source/QtQuick/Controls/Styles/Desktop/SpinBoxStyle.qml

    • Size

      5KB

    • MD5

      890194f5a34c7be87fc63a9c2cbac3a2

    • SHA1

      cad6742d1b91180eea7b3469399aedb16bc6184d

    • SHA256

      0fc3de9199de8fc4b3ede9171e7f03c880756016124c9de5b31f8a6272ebf3b4

    • SHA512

      df795a29401b61ac86968dbb604614216c4979c586d04812c5060d000720feb5fc94793c50c62ce9530a48fcdc1d84bd5db01b9b298ce59fced351193c9299d8

    • SSDEEP

      96:xoLp3RReSQGPlUKztGsyrRyVn0xnSkX/3s0JKn8AL:xSp3RRDQGWzsyNXMJL

    Score
    3/10
    • Target

      Source/QtQuick/Controls/Styles/Desktop/TreeViewStyle.qml

    • Size

      2KB

    • MD5

      e0aa379b2a0c01ba02d9dd128c74bfbb

    • SHA1

      4e2005633527069eede98c33628428c358ce0c64

    • SHA256

      1c645cda72e81f295d03fed5142c502651c9d5f0418788f5f3c53a5720c2351e

    • SHA512

      28bf0f38bd956458655590f2abddc0a14ab80cd395f18b710c0c9e973ee1c033615302c94d0bb4906d711e82880db0239c3c81ea36845d8d882e1d38a1ee3502

    Score
    3/10
    • Target

      Source/QtQuick/Controls/Styles/Flat/qtquickextrasflatplugin.dll

    • Size

      814KB

    • MD5

      8c16bb33c4dfde610edbc2228ecf5a21

    • SHA1

      8c6561f46555228c4c75d412fefd5f998c0b1e02

    • SHA256

      fb74f4049964c4242fa85ac9ae01771ee6f1698dc8e5638cce823c4561ccf5a9

    • SHA512

      c7f37b88870c0db5c33de2c28bba0b26fe5c56aa73b07a9e502214d2d818d7ca27b605ba3f5282a7cf3f8632cbb3fe1165ad692d8841772faff02c0bcbeb67ce

    • SSDEEP

      24576:4nygIwhCNoh+Ja9f9VhCNoh+5i9FrIJJpCNoh+75:mG2Ua//UioG5

    Score
    1/10
    • Target

      Source/QtQuick/Controls/TabView.qml

    • Size

      10KB

    • MD5

      518d7ce1bf34f9a48a0ad7055a5ad401

    • SHA1

      d0d00961dc8a297a0be9d7f214e4c8890256bd5e

    • SHA256

      345f25e31fb7e4106a5880b0a33d7d704ddd49c7656bf8ac8063ed61ffd16bb7

    • SHA512

      0d44d17c163bd89ecc5ce7750b0bfbab56a376a448dee9ec4ba8f94fec5f305e35295eb770dcce01f7b705c94384f074819b8273b96c16a86ecd9f5df5c1a777

    • SSDEEP

      192:xSp3RRDQG9Nkyty1yi1CQDmucP0fg979YfpwfxKt8kQx5by1XDDW8AgPOTa/GjS2:0kGPkyGGopBDfUCNLZo

    Score
    3/10
    • Target

      Source/QtQuick/Controls/TableView.qml

    • Size

      10KB

    • MD5

      3a4996245c71e516d68566ed30de2239

    • SHA1

      109c155175680109017c72aa8a4a7db69882e8e0

    • SHA256

      6da3a4c8079bfaa848cc98d46c1e7a6dcff2be7ec355273220a1386d9215b9eb

    • SHA512

      9fc11c9124adf97d15fecd11d8e61619c4b460bee9b674adcd519f5f0900167e596385e2fd95152113b7692aecf463a511748902686bac72930a2e6ff27ff304

    • SSDEEP

      192:xSp3RRDQG2tfhaSIThbzAkoFjnM6ojACjc+jqiSCdjJjPjjy000YNxwCWj086jgG:0kG6ESI9bz+mltJxONmmVn

    Score
    3/10
    • Target

      Source/QtQuick/Controls/TableViewColumn.qml

    • Size

      6KB

    • MD5

      e322f20e048d88ce920d95ee1442eb5c

    • SHA1

      ba63dcbd765db8beda56f8d11f3e283b84b07855

    • SHA256

      e6bc2ce248b268fe53d74e52b830929fb84c684d0e1c7a3e5c7347e1274536f4

    • SHA512

      b383cc08485eae6f6f3653c7eec285c8af4c2e0b918790b6f1199201a0d94b714f9fa1ad4cb1db2c829d1a5167fa8b09803272daee2f12e9263ef8e24ec55dcc

    • SSDEEP

      192:xSp3RRDQGY+gt7cbCZFRrsXMF1SmKANa1Q9iSCyu:0kGBIZPIUriP

    Score
    3/10
    • Target

      Source/QtQuick/Controls/TextArea.qml

    • Size

      34KB

    • MD5

      49c43180e84c2c511be7ca6bf8165147

    • SHA1

      6457d4d20e1147c35d17ac7e9778a8291be458c4

    • SHA256

      accaefce99616f0485da074a78a20e6af80f5829adccf2f9f9103cad5c91b090

    • SHA512

      d39571bb3f82c6fb332a06f0912ed8e3d9fe2d0193e4e075907d635b73fb96f94b8da7adde0c27734f1e20bb4d50b13ad8d3658cd6161f5306aaac69ebe974e5

    • SSDEEP

      384:0kGuvtEdiGiunMPgVFHS1EngI+2d5GSy5Nt6Vyot+6M:pGulkvHS1462d54Nt6Vyot+6M

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

evasion, execution, persistence
Score
8/10

behavioral2

lumma, xmrig, evasion, execution, miner, persistence, spyware, stealer, upx
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10