General

  • Target

    jjkj (2).zip

  • Size

    2.4MB

  • Sample

    240707-cqeaaa1dlk

  • MD5

    678f8c0b8c9e5ced7471ce8e9a3a1fea

  • SHA1

    1e7d421ffcd66a188eb4342c12159168d650d95d

  • SHA256

    a79e0af13f5666e6bf70f1a423a1e89c48c7eb540afb7cb1cd61e146c104a009

  • SHA512

    60314fbe817b9f4c2b334c14f94382e60197e3991823e56e024da94237948aa3505390e288e11e411d03d99c6af45f50f6ee73ad73cc69ff2e737578564c832c

  • SSDEEP

    49152:vT6FikVauQ9WUY1TY6wKtl1nCGrwYqRYR4De9pT6FikVWAjCqg+sp8o:dkVaJ9hrNq1nCjVRYi6FkVWMCqG8o

Malware Config

Extracted

Family

lumma

C2

https://stationacutwo.shop/api

Targets

    • Target

      jjkj/SEMgrPS.dll

    • Size

      40KB

    • MD5

      76e12d39f82567db28b132e245d9e3ce

    • SHA1

      53cbd54614b8e21e78096d32ddebf0771b359c37

    • SHA256

      5edd09d2a2e2e03ac2fa7db4c7b9f4ee300c696534788dbedaf9cee617a97ab1

    • SHA512

      62de3ef3caf4997e0f1b02f5805a5da757c7506dcf5e6f93ed9870b6a53858dd24f588700dc2e6cd1d524291fb0fe1968169a52c53e9253244f7ebd633b89f4a

    • SSDEEP

      384:tASguFmJEqu2MZ3RDil1jt9exCUF9n10jaTANQ+1Lxdprb4Y75WRkWmmca9pa:KK9JbyFUF910GANQ+1pgYg

    • Score

      1/10

    • Target

      jjkj/SensApi.dll

    • Size

      14KB

    • MD5

      738256d2e39103441efe79e2c17c39cd

    • SHA1

      133ca3ac0923dd862e1f75d2734f9f6547c04a18

    • SHA256

      ae507d88c83271e1ef0e8ace3f3782be042f157c1b8018e852a9b1d2f0e98727

    • SHA512

      8b2f702199778331948ca8ae984313ee532e66b448320d114ce837444ae823663c9063bd694e9edbcb0d84dce2a27baa76a1a9e0e494cf952fead0cba5057293

    • SSDEEP

      192:LTSZrurwtlbbvcuXnmbtwUrDOtFMYLlFMI99tQRyEtHl1/uLVW+KW:Sr7bNXmbtfrDOtuSP/9wRlHj/sW+KW

    • Score

      1/10

    • Target

      jjkj/Solara.exe

    • Size

      60.5MB

    • MD5

      d8c788d251a84e00189ed5dcb00da40e

    • SHA1

      b745a5059ff6c12cc6b25ee40ae20e2df6d55a7c

    • SHA256

      e2f4755f73aec0977f1d6a04732eb1239a7c8b2f88049e4136c2720c95cac6b9

    • SHA512

      6eb4a3960e17baad8490c02ee6036a6fba3c9cc48ad340327778618b6e6e6e2d897dd33154cf6aedd511b713e9fcbb484d28c0dfbf092c3624a154d22582d39b

    • SSDEEP

      12288:0oxruugE3QDZcobhawYWhBuspcRMWsR5Zazx:0oxCugEAtZwWhBKsDsz

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      jjkj/lib/SettingsHandlers_AnalogShell.dll

    • Size

      234KB

    • MD5

      22a562def013921095d0e54787a620fd

    • SHA1

      2a260f351c4aa0338a7fe9fc08452889ea97665f

    • SHA256

      06d29294dd229e0886fe19c110ff96bb7d025a7985d597a79be7f57c89157f89

    • SHA512

      0928a68a08e0f45b86760eabdc406371942a1d2a034db95929f615f1e73eb44a6e437c378b98dce7df436c040d23c6d989556b2ea7bd026740d9eb34c8731fb0

    • SSDEEP

      3072:BS8YGOtOdpUBlD/ENYhgLXvC9TZDY4o13utA9WHdI8qphSio7K:Yh2Q2CKLfCdLoGIW9rqphSi

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_AppControl.dll

    • Size

      101KB

    • MD5

      b0aa59d540b22f00d1db216a30cb51f0

    • SHA1

      8d9985980cd63ed0fa6c042db47879d68c081058

    • SHA256

      070bc8975a8a2a72480861edab1a040fc91847dd4e4f3deecfb52e40a2c8e8a9

    • SHA512

      0cbe2c957496c002785770780cf7bf04db9e734b4da59cf028d0014f1c939c6ccc83f1c41bd47ace80bb0aa9b5f3e80499801b3821a257c93c7b7bc65fbe9145

    • SSDEEP

      3072:YLalDfGNwJ7ouT7jF3YHGybXH1k+Dy4M9IQd:LlzbJtT7jF3YHG2H1kYCI

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_AppExecutionAlias.dll

    • Size

      155KB

    • MD5

      b6c030927e1556240ccb24686738e6ad

    • SHA1

      b6e285dfcf26ac9b87b3f355057cdbbd0448d161

    • SHA256

      8819132a9c29688cef9a0523d15f5bc4bd7c663c0c77ca1a02071bc6bda2ec85

    • SHA512

      25c31532035da8570fb729c7cff58a21f47516cefd492a958c90a688afe05523a325d1a1b8b3cca32d875b9eb8cce605ee611ed05e2ff9b349de85473a432b5d

    • SSDEEP

      3072:XgMuPlKp9xRVukhF66ApyFZKmidt7rjO258FHJUv12zNTS0:X1uPw/xL9AIFZKV75WpUNoS

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_AssignedAccess.dll

    • Size

      376KB

    • MD5

      b6c594be6cdf9744614a7331f68c0c9e

    • SHA1

      962112c4dcca10ac791bcb92a71029a314e94ee9

    • SHA256

      aa55a05a4d6cc46b429fe2cfcaefae62a945b8ffccf4b6f7e9214b7dedb0bec5

    • SHA512

      af9493fd5e9284eae3d4f05bf3d501734c48f9b95051c5baef086e1bb6971015abf322bda44414c90d81dd11d79103ac9991a37f3b9dab68bff02021760cb96f

    • SSDEEP

      6144:afmx/zEcj6btDu8XiLhKRON/eqEjT6wTRWlV0ed3ZkK+:5zRatDuEiL0ROlNE5Timed6

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_Authentication.dll

    • Size

      324KB

    • MD5

      dd9bf0e72e1ec5050c1ee1def8e2b060

    • SHA1

      c8c2e4a590d039cea1ce8cdc84799a096673f77e

    • SHA256

      1060296c199bd32f70bfaef16ead33cde2fe6058215ebdd4879afda11daadbe5

    • SHA512

      97297ede53b104cf06f0a572d2a12e5fc506ec7412e54062c63546faba643c65007e707dff8cf041316c10fa3c2a63ea52affcfca5cf95f5a036a2ceb071832d

    • SSDEEP

      6144:kdhiCCrZKse8k0vJfCJEUCxgrRa/dbnfaHdEucKk:C5se8Z6eUE8a/iyu

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_BackgroundApps.dll

    • Size

      151KB

    • MD5

      13bb077422ade76fd5e1850613cde23b

    • SHA1

      326bda4877351f15c863181f4724323d039cb287

    • SHA256

      0135cb6b6864545d383da2f355d2715c301a7c2bb29a2a0f6172080946dd4ec4

    • SHA512

      6f681bc5df42052ee144cb54400bd9a96de1c268cc8129f64a853cf161cc5c698af68733b2b4396a437847a81d2802204cd7c7b6340c820edef93f406695746a

    • SSDEEP

      3072:hXqW9mB6SdvV3YVFMp0RXFjOzEUaphlDaho77KWnl0R49:h99tOEw0RXFjOzEvhCGWQl0

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_BatteryUsage.dll

    • Size

      244KB

    • MD5

      fec6540ad6da797c881027de8687bdaa

    • SHA1

      ce773843c110b7be1548480f661ee2892927e6c8

    • SHA256

      832a1035878e545c745f5b8d8344a03efd763ac6cbe3feb71d4f8cd1dc79f0db

    • SHA512

      043ef93c5acd74a39d6a0be064de39890ceacba2e460909941e29a165fe18efe32fb7830028a80fa1b890767ed79defba4fd00f7c8f9e8b9e8611a0b39b67872

    • SSDEEP

      6144:zrzqKcDIFMgGwgXIDG7qMlCg+Nd2Doz2hlr:UDIFMgysGWe+Ndfih

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_BrowserDeclutter.dll

    • Size

      151KB

    • MD5

      4eb0fa69169e3680c87e49a979219609

    • SHA1

      c986b61ee7c4bd3b2c86f3a42441b19b433ecbf9

    • SHA256

      c8c81b1e0ff456836a9767ed792e39a52e748c835545704c0e7948ac1729d981

    • SHA512

      5f6e87cdde88610b2a6bc0106cb543c0b72eb9f6d09397f14281cefbb86e750256ea08dc2242552ec2b17aa5b0e37227979951a0bb4902fa2859b882584e88b3

    • SSDEEP

      3072:7XBowHdpfhCpbxHB8oD+LzPy89qApYnzUbViQTaw3RwYyTVL67r:7XBow9LGtCaMm6bfTz8m7

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_CapabilityAccess.dll

    • Size

      294KB

    • MD5

      3b81f5218e93abaf65bf9a9ca95146b9

    • SHA1

      271e3c047e7f1428a6d251b3bae3d3bf03bb9e6e

    • SHA256

      a0b5aaaadf64deb274a0f019c9674b21a4dc1965ff10ba4d0a8ab96127d2b175

    • SHA512

      3c627cf41cdb9aaa1d7054df4f4d150307f7e5db3f3f33faf6ef89d06b3a33d5663a5f5c97d1d6b535750660b8522e1efc814e8402db1f9a84df6219dfb45745

    • SSDEEP

      6144:UhsRCnFzRcSaRmxkVDOm0SuRV8VdTj7g:ysRCnFVP0ukVd7g

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_Clipboard.dll

    • Size

      194KB

    • MD5

      d1d5a50eb4793f7652e8a9df49c33ee1

    • SHA1

      3ebfa8aee98d333ea2e896f41f573c6a28ad06b8

    • SHA256

      a165fcff00911ec4924905405b681f90c4a77ceebafeb7b2a1186333913c65c9

    • SHA512

      1f753c0b62f349d125f7c7ff16e29377d7ec1bfc30c442717a474d1d02bd6655fce29457cc178a42bf50f849388a5d23ace388bd2a3d5c3766140053eb42fe6c

    • SSDEEP

      6144:qZSIeNljCYXlYEH1mneDT3c7g1flzrvHcY/2vBJA1:qZALXlY8m0

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_ClosedCaptioning.dll

    • Size

      140KB

    • MD5

      1344af07b859720cd3599bdb0d60ba4b

    • SHA1

      5d151ccc4cfe16d3338afdd08cfd02fe9e60fbe1

    • SHA256

      84bd469f206c8b4d85b8018ee18c644e21f3b0c2579763d97ce7e3b59ca610b6

    • SHA512

      692970e3c5c9c6b8c24c13a6c16586a4ac937c03c18a0b4506ba5cf80a491a87da3ee36f1e320da8d8e792738d599b892b1825763f127057faf10be603c8fabf

    • SSDEEP

      3072:fy416t6sOClHf/dBHK86NoQn+jQpqHg/Inx:f51kOClHf/dcwoIn

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_ContentDeliveryManager.dll

    • Size

      173KB

    • MD5

      46d3ba8c9a2eb3848c3b256c5c43aa47

    • SHA1

      1cf262354c0d8021edd8150cffc7be54a97ec067

    • SHA256

      82f0cd9faaaa9024e3b8fdf0aadf159946d11ba047c388708f913ac9e479421b

    • SHA512

      4fd0c9b4b365a3f926e746c8ff119eadb73420e47fea6102dcf0678b4487f7d90d9cc3b07fb002e3527a6b5449047dc507752a4591bd2d0315e218c424bca18c

    • SSDEEP

      3072:ABObkgZQkV228TGIyCvz7zAcFbfaaZ79HRDtclrDslE:AYbjZQ0h8TGIlvz7zAcFzlZ79HAFDsl

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_Cortana.dll

    • Size

      320KB

    • MD5

      023a280ed5ad4bb158206123af11f5c6

    • SHA1

      c1f10c436973a97990536d935c6a76586a819d04

    • SHA256

      c2f294c3e1fae4dfb3347b06c76c0b2702fc0e52a764d16d6808244657c9dda2

    • SHA512

      0f479b498c871bd2dc0806b15f68c2ef17f82861aef53e2fca18feb00b4c0851a66f95ae35fb343ddd962ed4896e27355a2bd13bda640caf6a56007b68f61507

    • SSDEEP

      6144:rg+5fqkeS4y4duf7Ww5XkPtfBxl3neLVzkZxn+fGclTJsgRZvK:/qkeNy4dg5HjK

    • Score

      1/10

    • Target

      jjkj/lib/SettingsHandlers_Devices.dll

    • Size

      593KB

    • MD5

      998a842f38810c34cadd06e34998b6f0

    • SHA1

      b4c34b32ad626d9cfd64b43604d8334bebeb5dd3

    • SHA256

      d9c38f3d00e0a61af8fe14acb010aee4db2a20e696bcdca9718426389103b9ca

    • SHA512

      225b77905637a2b30bbfb518eeb67ac08e702a41047a953e8a1b27df366706893a258f463d41b8a043612f923b061639a0c6c003852916d1ffa96d01efc5addd

    • SSDEEP

      6144:/KD5/wa5U5s9jqRhFwSlYPd5FJOiEUBDmjELDEEE8uE3blFrjv3wbpHxUZ4WKP2B:eBwIU5AqRhFwSlYP+i5XE2ZFrjIxv87

    • Score

      1/10

    • Target

      jjkj/lib/sedplugins.dll

    • Size

      574KB

    • MD5

      0c4b3b8740274056b1b6b3e0230aee96

    • SHA1

      1549fbbb6a366c9cc9da03cb0704d549a4d7afe1

    • SHA256

      41b0e5dd2795abeb347f1e85be172e0d8abc08e7538485cb6107b0caf2968287

    • SHA512

      e3bdf4316ca3630b51725eb317c15e1c13d102ddbaf094a7298c86c2f1001207ca879af1a35f8da31da57ced56e7d820ce91c226ad7bda1c87f2141a10eaab9b

    • SSDEEP

      12288:UH508DsCAFMWhHtH6ZTb4rjG7+5W7HAN4n:UH508w1OGtH6Bv7+5lN4n

    • Score

      1/10

    • Target

      jjkj/sedplugins.dll

    • Size

      574KB

    • MD5

      0c4b3b8740274056b1b6b3e0230aee96

    • SHA1

      1549fbbb6a366c9cc9da03cb0704d549a4d7afe1

    • SHA256

      41b0e5dd2795abeb347f1e85be172e0d8abc08e7538485cb6107b0caf2968287

    • SHA512

      e3bdf4316ca3630b51725eb317c15e1c13d102ddbaf094a7298c86c2f1001207ca879af1a35f8da31da57ced56e7d820ce91c226ad7bda1c87f2141a10eaab9b

    • SSDEEP

      12288:UH508DsCAFMWhHtH6ZTb4rjG7+5W7HAN4n:UH508w1OGtH6Bv7+5lN4n

    • Score

      1/10

    • Target

      jjkj/sendmail.dll

    • Size

      144KB

    • MD5

      797a7e4537d538e045b2bf239259a925

    • SHA1

      f4dbc8d5b2d108200126d3b5b072b03ee3d6cc23

    • SHA256

      b5e80992e94fe42b23f4cadc29bc5272f2ec868c36fbe1de90f1b5dcca2394ad

    • SHA512

      7193044407dc3945150467453ee4cf7cec7fce2abb189aee9882104a2b99eb128691f10f29ebf421f833468d3d4da1d0cf6d5df6eba98255627675dcd2353de6

    • SSDEEP

      1536:75AKIc+5W38vl11d+ItKUvJ5TGL1tsOmslzaJtgBPwoMyV2eJN:2Pjl5+ItKUh56pyj2w0VZv

    • Score

      1/10

MITRE ATT&CK Enterprise v15
