Overview

overview

10

Static

static

10

Setup.exe

windows7-x64

7

Setup.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

IMHttpComm.dll

windows7-x64

3

IMHttpComm.dll

windows10-2004-x64

3

ImLc.exe

windows7-x64

7

ImLc.exe

windows10-2004-x64

10

ImLookExU.dll

windows7-x64

1

ImLookExU.dll

windows10-2004-x64

1

ImLookU.dll

windows7-x64

1

ImLookU.dll

windows10-2004-x64

1

ImNtUtilU.dll

windows7-x64

3

ImNtUtilU.dll

windows10-2004-x64

3

ImUtilsU.dll

windows7-x64

1

ImUtilsU.dll

windows10-2004-x64

1

ImWrappU.dll

windows7-x64

1

ImWrappU.dll

windows10-2004-x64

1

SftTree_IX86_U_60.dll

windows7-x64

1

SftTree_IX86_U_60.dll

windows10-2004-x64

1

cateran.docx

windows7-x64

4

cateran.docx

windows10-2004-x64

1

mfc80u.dll

windows7-x64

1

mfc80u.dll

windows10-2004-x64

1

msvcp80.dll

windows7-x64

1

msvcp80.dll

windows10-2004-x64

1

msvcr80.dll

windows7-x64

1

msvcr80.dll

windows10-2004-x64

1

wlessfp1.dll

windows7-x64

3

wlessfp1.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.exe

  • Size

    6.6MB

  • Sample

    240720-1tpr7aygkp

  • MD5

    e4301e8ae04291826a336629c424fa74

  • SHA1

    c8de33288703388238ae6dfe03c3add4824b987a

  • SHA256

    1a060d1dabd86e25cb6aab039a0fdccd176cb033e5c7823164b97b9284e34191

  • SHA512

    4d4e79002ec144844db9e85f1b043e4d6a34ded9043c94424834ba010dc369a23ba421cffeea407772ad44f723805ec2e7ae26192b8253b98e0eb01fd48c8918

  • SSDEEP

    98304:CaMrs0l5KHUN5EVo4UNPQKD+68kPiz8F+LsxAd8ZFhXGMXRdyf/S1crxA:f+rVWKD3tt+Ls+dmhXGGbmS6rxA

Score
10/10
hijackloaderlummapersistenceprivilege_escalationstealer

Malware Config

Extracted

Family

lumma

C2

https://chapterrysopz.shop/api

https://unseaffarignsk.shop/api

https://shepherdlyopzc.shop/api

https://upknittsoappz.shop/api

https://liernessfornicsa.shop/api

https://outpointsozp.shop/api

https://callosallsaospz.shop/api

https://lariatedzugspd.shop/api

https://indexterityszcoxp.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Target

      Setup.exe

    • Size

      6.6MB

    • MD5

      e4301e8ae04291826a336629c424fa74

    • SHA1

      c8de33288703388238ae6dfe03c3add4824b987a

    • SHA256

      1a060d1dabd86e25cb6aab039a0fdccd176cb033e5c7823164b97b9284e34191

    • SHA512

      4d4e79002ec144844db9e85f1b043e4d6a34ded9043c94424834ba010dc369a23ba421cffeea407772ad44f723805ec2e7ae26192b8253b98e0eb01fd48c8918

    • SSDEEP

      98304:CaMrs0l5KHUN5EVo4UNPQKD+68kPiz8F+LsxAd8ZFhXGMXRdyf/S1crxA:f+rVWKD3tt+Ls+dmhXGGbmS6rxA

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      11KB

    • MD5

      d65973e31f6324acfb9669a98fb1d375

    • SHA1

      bde1e7963b46366d186190ba69eb8530ad64572b

    • SHA256

      9e1b4a31bedcbfecbafb4f0b3248bff00f1cc590b03dd41797d5dd39979e27b7

    • SHA512

      29edd129f47174c16ffe964bbd50551c9b7edea038563cda0bdea90229827b23fbe01c765b7c9d2719df4edd58b30755b5d79e9cedc26b43c8833082bfc5c601

    • SSDEEP

      192:QQux93kCB6nGYq1f9ymY1aulOaBETAJYkvQhvLrqVo25JF/:QLx937B6GY48HQulOGETAJYkvGLrEoSD

    Score
    3/10
    behavioral3behavioral4

    • Target

      IMHttpComm.dll

    • Size

      32KB

    • MD5

      a70d91a9fd7b65baa0355ee559098bd8

    • SHA1

      546127579c06ae0ae4f63f216da422065a859e2f

    • SHA256

      96d6264b26decf6595ca6f0584a1b60589ec5dacdf03ddf5fbb6104a6afc9e7a

    • SHA512

      f13b735a47090c7c6cc6c2bf9148408ee6db179c96ee6428270541f27e50ad12cff7486f3a6ffac2ba83fd2e6e8e49661e6258f5aee97eb0f48771cbbd22aefa

    • SSDEEP

      384:UYacYCuDAIKaDEsdpRPcWzXKNfdZ1uTslWfXLhxyM8OjrsVIObsU25hoe1nYPLMt:Scr9/i1AscZ1wf7h4bOjKRsIe1

    Score
    3/10
    behavioral5behavioral6

    • Target

      ImLc.exe

    • Size

      302KB

    • MD5

      62f06ce16a02ebab81871add6066666b

    • SHA1

      47c52f3b5dc542d2509bcf1f723598b9b4e88d46

    • SHA256

      88c6341f8779755aa42bf23b70f28a3835cb9e910cb3f47a1e79b8e959061184

    • SHA512

      82a27a06f1aa5bbf83c697423ae433cbcd1738642c576398b32830b42223811d4cb7623aee24a7e5e77cdf3bbf3a2727120a4d16dcd5ffc6d19c6bd34134ff6c

    • SSDEEP

      6144:2fzYe2KpQo3hELM/4QVG5stx4etDnOd2sdsKsKsKsKsEI6:2fzjp7hzx40VsdsKsKsKsKsEI6

    Score
    10/10
    persistenceprivilege_escalationlummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral7behavioral8

    • Target

      ImLookExU.dll

    • Size

      262KB

    • MD5

      6527be4d6a3333dc5a49218c4f80530d

    • SHA1

      97c8965b01d2644fb17a0f818af59bc0471e38a7

    • SHA256

      908ab22cb8fa1b9125cf5746e5591fd84e4853326a812b9431ca1c0b9e997e1f

    • SHA512

      69a57cc28583861b97a02968106f007d56c2b5826fc5aa843978f0bf3a3f155ad9f2b7dfbe8260e38c2a7b1ed759f6f6fadbeef32cec9d7c4ab8f541f645dc5b

    • SSDEEP

      6144:2X6ytmY4o8xnZSYDI73lFlNogVFl4OgqxLwSrIs:2X6ytmY4pZSYkTlNTfw2Is

    Score
    1/10
    behavioral10behavioral9

    • Target

      ImLookU.dll

    • Size

      606KB

    • MD5

      3ea6d805a18715f7368363dea3cd3f4c

    • SHA1

      30ffafc1dd447172fa91404f07038d759c412464

    • SHA256

      a6766c524497144d585efa4fe384b516b563203427003508f7c8f6bffa7c928d

    • SHA512

      a102f23741de4ca2184485d9aa4ddd1a36b9ea52cb0859cfd264d69a9996293b7e29b325625f1f6f9330d6c80ff415e09e85e1ae838c58acef585ae8dffe3070

    • SSDEEP

      6144:5hvkhcT5e0HWJ5/10UfCrXCL12gQhYwtHWDEyF0nb6rFBvJ+sbJeDH+8uGh7xgLX:5hvkhcTd2JxXCrS85h0Dh0nMKbz45

    Score
    1/10
    behavioral11behavioral12

    • Target

      ImNtUtilU.dll

    • Size

      94KB

    • MD5

      bb326fe795e2c1c19cd79f320e169fd3

    • SHA1

      1c1f2b8d98f01870455712e6eba26d77753adcac

    • SHA256

      a8e1b0e676dce9556037d29fd96521ec814858404ba4cfdd0db0edbe22c87bc7

    • SHA512

      a1ec894151baa14e4ac1ee9471e8606bf74edd39f7833d9a1a44eee74d403f6b52780c135e9718ff9564fa27d7128c22b8410b21f77e6d804f698cfb4eda65a1

    • SSDEEP

      1536:q01U2obLeNvXXZ6Wb/2LamjMkUYCTSZaKAxvSJKRDOAG921:NobLeNvXp6Ou+mjMkUYC2ZVAxxFOAG9s

    Score
    3/10
    behavioral13behavioral14

    • Target

      ImUtilsU.dll

    • Size

      1.4MB

    • MD5

      11d04f26d2fddde31baea41874db2dc9

    • SHA1

      934492f00d56ea6a3aa2a41661529704e847c539

    • SHA256

      01d00bbe1bb408c06417092f3e35c90d29fe4ee6a697e4e99c98c9891d852274

    • SHA512

      4819cc1b1e924aaac97642bc0b566012547cfbac02721ab63ebdc039d88f81957d1de4089a47c645bd0f9f09de3c52f7ccdbcaa78005b2b335adc5dadc52b212

    • SSDEEP

      24576:vEQCrQajY+S5eqyL9dj7GP4a6xKlnNYndIA1HVtFyr0Gnqb6WUU6ZljMFbDG0:YQj+S5epJl7+eenN5+HVmDqbUU6PUbDL

    Score
    1/10
    behavioral15behavioral16

    • Target

      ImWrappU.dll

    • Size

      158KB

    • MD5

      cbf4827a5920a5f02c50f78ed46d0319

    • SHA1

      b035770e9d9283c61f8f8bbc041e3add0197de7b

    • SHA256

      7187903a9e4078f4d31f4b709a59d24eb6b417ea289f4f28eabce1ea2e713dce

    • SHA512

      d1a285fb630f55df700a74e5222546656de7d2da7e1419e2936078340767d0bab343b603ba0d07140c790eb5d79a8a34b7818b90316ea06cb9f53cad86b6d3f5

    • SSDEEP

      1536:+Vcm093l7KjJdwXjCsZ+WymDAZZxgbgROgldJ+VEcn75A:+Vcm03ggjCsZDym6Og5+Vpm

    Score
    1/10
    behavioral17behavioral18

    • Target

      SftTree_IX86_U_60.dll

    • Size

      570KB

    • MD5

      57bf106e5ec51b703b83b69a402dc39f

    • SHA1

      bd4cfab7c50318607326504cc877c0bc84ef56ef

    • SHA256

      24f2399fc83198ab8d63ee6a1ad6ffbd1eda4d38048d3e809fecd2a3e0709671

    • SHA512

      8bf60649ece6bbb66c7b94ed0d9214fbeab030d5813e1e7b5d6d2349ee1de9075b7dfbbbbeae5af0dc21b071a00eafce0771ca1804e6752e9a71e71e6b1447df

    • SSDEEP

      6144:+F1oCaK7hWLMxQqTxNEaPe/cq0sJBJYzlRtcChgWPQnjLkV3Ij9DvAmintVM:koxK7hhNN1m/cq0sJ/YzNcCj0oVy8Y

    Score
    1/10
    behavioral19behavioral20

    • Target

      cateran.docx

    • Size

      32KB

    • MD5

      6ca0f9855f89f8d5b7c66afa03e9d333

    • SHA1

      02bf7c58da5576d86f77699a5aaa2d059c254983

    • SHA256

      24c74262346636f63b0c1afdb64ff000244610ad2ad6a46acb6a596433fede60

    • SHA512

      0ba90446e7f6290f90d3b8b99ee0e8c03cd39e623cbd4ae4ab748c6174d52424b49ab50e765ae71fe278363f8c883c50a65a8e817c788d4a3930fffecab0cfe3

    • SSDEEP

      768:hSMDC5ZCKOFpt292gaJgB6FZuD26V53Ln/p/uRb0lUE8/QZfueL5:457Ojt292gpIZubV53Ln/hul0Kw91

    Score
    4/10
    behavioral21behavioral22

    • Target

      mfc80u.dll

    • Size

      1.0MB

    • MD5

      ccc2e312486ae6b80970211da472268b

    • SHA1

      025b52ff11627760f7006510e9a521b554230fee

    • SHA256

      18be5d3c656236b7e3cd6d619d62496fe3e7f66bf2859e460f8ac3d1a6bdaa9a

    • SHA512

      d6892abb1a85b9cf0fc6abe1c3aca6c46fc47541dffc2b75f311e8d2c9c1d367f265599456bd77be0e2b6d20c6c22ff5f0c46e7d9ba22c847ad1cbedc8ca3eff

    • SSDEEP

      12288:o5lk6KUYmYRP6vAt9+J51r64f22JhPeEiz8F+p/xoOTa+S9XqNNw2ohW3:UyUaP64t9+JfrRJiz8F+p/N2/cmW

    Score
    1/10
    behavioral23behavioral24

    • Target

      msvcp80.dll

    • Size

      536KB

    • MD5

      4c8a880eabc0b4d462cc4b2472116ea1

    • SHA1

      d0a27f553c0fe0e507c7df079485b601d5b592e6

    • SHA256

      2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

    • SHA512

      6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

    • SSDEEP

      12288:Q1HyurvZ0JPjuTtSu86th1n/hUgiW6QR7t5j3Ooc8NHkC2eo:Q1HyurvZ0liTwuhtjnj3Ooc8NHkC2eo

    Score
    1/10
    behavioral25behavioral26

    • Target

      msvcr80.dll

    • Size

      612KB

    • MD5

      e4fece18310e23b1d8fee993e35e7a6f

    • SHA1

      9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

    • SHA256

      02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

    • SHA512

      2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

    • SSDEEP

      12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu

    Score
    1/10
    behavioral27behavioral28

    • Target

      wlessfp1.dll

    • Size

      70KB

    • MD5

      5120c44f241a12a3d5a3e87856477c13

    • SHA1

      cd8a6ef728c48e17d570c8dc582ec49e17104f6d

    • SHA256

      fbd4b6011d3d1c2af22827ca548ba19669eef31173d496e75f064ef7a884431c

    • SHA512

      67c0e718368e950d42f007d6a21c6f903b084d6514f777b86aab3111ffe3be995949674276081c0281139a0b39119b84630a0ac341d4ae78677ac8346f371ae1

    • SSDEEP

      1536:nEqYKdOEuqRKXd9ZWbIOinToIfYeyOgtPko:EqnB89ZouTBf5yOgtPko

    Score
    3/10
    behavioral29behavioral30

MITRE ATT&CK Enterprise v15

Tasks

static1

hijackloader
Score
10/10

behavioral1

Score
7/10

behavioral2

Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

persistenceprivilege_escalation
Score
7/10

behavioral8

lummapersistenceprivilege_escalationstealer
Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
4/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
3/10

behavioral30

Score
3/10