hijackloader | 1a060d1dabd86e25cb6aab039a0fdccd176cb033e5c7823164b97b9284e34191

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

6.6MB
Sample

240720-1tpr7aygkp
MD5

e4301e8ae04291826a336629c424fa74
SHA1

c8de33288703388238ae6dfe03c3add4824b987a
SHA256

1a060d1dabd86e25cb6aab039a0fdccd176cb033e5c7823164b97b9284e34191
SHA512

4d4e79002ec144844db9e85f1b043e4d6a34ded9043c94424834ba010dc369a23ba421cffeea407772ad44f723805ec2e7ae26192b8253b98e0eb01fd48c8918
SSDEEP

98304:CaMrs0l5KHUN5EVo4UNPQKD+68kPiz8F+LsxAd8ZFhXGMXRdyf/S1crxA:f+rVWKD3tt+Ls+dmhXGGbmS6rxA

Score

10^/10

Malware Config

Extracted

Family

lumma

https://chapterrysopz.shop/api

https://unseaffarignsk.shop/api

https://shepherdlyopzc.shop/api

https://upknittsoappz.shop/api

https://liernessfornicsa.shop/api

https://outpointsozp.shop/api

https://callosallsaospz.shop/api

https://lariatedzugspd.shop/api

https://indexterityszcoxp.shop/api

https://reinforcedirectorywd.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  6.6MB
- MD5
  
  e4301e8ae04291826a336629c424fa74
- SHA1
  
  c8de33288703388238ae6dfe03c3add4824b987a
- SHA256
  
  1a060d1dabd86e25cb6aab039a0fdccd176cb033e5c7823164b97b9284e34191
- SHA512
  
  4d4e79002ec144844db9e85f1b043e4d6a34ded9043c94424834ba010dc369a23ba421cffeea407772ad44f723805ec2e7ae26192b8253b98e0eb01fd48c8918
- SSDEEP
  
  98304:CaMrs0l5KHUN5EVo4UNPQKD+68kPiz8F+LsxAd8ZFhXGMXRdyf/S1crxA:f+rVWKD3tt+Ls+dmhXGGbmS6rxA
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  11KB
- MD5
  
  d65973e31f6324acfb9669a98fb1d375
- SHA1
  
  bde1e7963b46366d186190ba69eb8530ad64572b
- SHA256
  
  9e1b4a31bedcbfecbafb4f0b3248bff00f1cc590b03dd41797d5dd39979e27b7
- SHA512
  
  29edd129f47174c16ffe964bbd50551c9b7edea038563cda0bdea90229827b23fbe01c765b7c9d2719df4edd58b30755b5d79e9cedc26b43c8833082bfc5c601
- SSDEEP
  
  192:QQux93kCB6nGYq1f9ymY1aulOaBETAJYkvQhvLrqVo25JF/:QLx937B6GY48HQulOGETAJYkvGLrEoSD
Score

3^/10
behavioral3 behavioral4
- Target
  
  IMHttpComm.dll
- Size
  
  32KB
- MD5
  
  a70d91a9fd7b65baa0355ee559098bd8
- SHA1
  
  546127579c06ae0ae4f63f216da422065a859e2f
- SHA256
  
  96d6264b26decf6595ca6f0584a1b60589ec5dacdf03ddf5fbb6104a6afc9e7a
- SHA512
  
  f13b735a47090c7c6cc6c2bf9148408ee6db179c96ee6428270541f27e50ad12cff7486f3a6ffac2ba83fd2e6e8e49661e6258f5aee97eb0f48771cbbd22aefa
- SSDEEP
  
  384:UYacYCuDAIKaDEsdpRPcWzXKNfdZ1uTslWfXLhxyM8OjrsVIObsU25hoe1nYPLMt:Scr9/i1AscZ1wf7h4bOjKRsIe1
Score

3^/10
behavioral5 behavioral6
- Target
  
  ImLc.exe
- Size
  
  302KB
- MD5
  
  62f06ce16a02ebab81871add6066666b
- SHA1
  
  47c52f3b5dc542d2509bcf1f723598b9b4e88d46
- SHA256
  
  88c6341f8779755aa42bf23b70f28a3835cb9e910cb3f47a1e79b8e959061184
- SHA512
  
  82a27a06f1aa5bbf83c697423ae433cbcd1738642c576398b32830b42223811d4cb7623aee24a7e5e77cdf3bbf3a2727120a4d16dcd5ffc6d19c6bd34134ff6c
- SSDEEP
  
  6144:2fzYe2KpQo3hELM/4QVG5stx4etDnOd2sdsKsKsKsKsEI6:2fzjp7hzx40VsdsKsKsKsKsEI6
Score

10^/10

persistence privilege_escalation lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  ImLookExU.dll
- Size
  
  262KB
- MD5
  
  6527be4d6a3333dc5a49218c4f80530d
- SHA1
  
  97c8965b01d2644fb17a0f818af59bc0471e38a7
- SHA256
  
  908ab22cb8fa1b9125cf5746e5591fd84e4853326a812b9431ca1c0b9e997e1f
- SHA512
  
  69a57cc28583861b97a02968106f007d56c2b5826fc5aa843978f0bf3a3f155ad9f2b7dfbe8260e38c2a7b1ed759f6f6fadbeef32cec9d7c4ab8f541f645dc5b
- SSDEEP
  
  6144:2X6ytmY4o8xnZSYDI73lFlNogVFl4OgqxLwSrIs:2X6ytmY4pZSYkTlNTfw2Is
Score

1^/10
behavioral10 behavioral9
- Target
  
  ImLookU.dll
- Size
  
  606KB
- MD5
  
  3ea6d805a18715f7368363dea3cd3f4c
- SHA1
  
  30ffafc1dd447172fa91404f07038d759c412464
- SHA256
  
  a6766c524497144d585efa4fe384b516b563203427003508f7c8f6bffa7c928d
- SHA512
  
  a102f23741de4ca2184485d9aa4ddd1a36b9ea52cb0859cfd264d69a9996293b7e29b325625f1f6f9330d6c80ff415e09e85e1ae838c58acef585ae8dffe3070
- SSDEEP
  
  6144:5hvkhcT5e0HWJ5/10UfCrXCL12gQhYwtHWDEyF0nb6rFBvJ+sbJeDH+8uGh7xgLX:5hvkhcTd2JxXCrS85h0Dh0nMKbz45
Score

1^/10
behavioral11 behavioral12
- Target
  
  ImNtUtilU.dll
- Size
  
  94KB
- MD5
  
  bb326fe795e2c1c19cd79f320e169fd3
- SHA1
  
  1c1f2b8d98f01870455712e6eba26d77753adcac
- SHA256
  
  a8e1b0e676dce9556037d29fd96521ec814858404ba4cfdd0db0edbe22c87bc7
- SHA512
  
  a1ec894151baa14e4ac1ee9471e8606bf74edd39f7833d9a1a44eee74d403f6b52780c135e9718ff9564fa27d7128c22b8410b21f77e6d804f698cfb4eda65a1
- SSDEEP
  
  1536:q01U2obLeNvXXZ6Wb/2LamjMkUYCTSZaKAxvSJKRDOAG921:NobLeNvXp6Ou+mjMkUYC2ZVAxxFOAG9s
Score

3^/10
behavioral13 behavioral14
- Target
  
  ImUtilsU.dll
- Size
  
  1.4MB
- MD5
  
  11d04f26d2fddde31baea41874db2dc9
- SHA1
  
  934492f00d56ea6a3aa2a41661529704e847c539
- SHA256
  
  01d00bbe1bb408c06417092f3e35c90d29fe4ee6a697e4e99c98c9891d852274
- SHA512
  
  4819cc1b1e924aaac97642bc0b566012547cfbac02721ab63ebdc039d88f81957d1de4089a47c645bd0f9f09de3c52f7ccdbcaa78005b2b335adc5dadc52b212
- SSDEEP
  
  24576:vEQCrQajY+S5eqyL9dj7GP4a6xKlnNYndIA1HVtFyr0Gnqb6WUU6ZljMFbDG0:YQj+S5epJl7+eenN5+HVmDqbUU6PUbDL
Score

1^/10
behavioral15 behavioral16
- Target
  
  ImWrappU.dll
- Size
  
  158KB
- MD5
  
  cbf4827a5920a5f02c50f78ed46d0319
- SHA1
  
  b035770e9d9283c61f8f8bbc041e3add0197de7b
- SHA256
  
  7187903a9e4078f4d31f4b709a59d24eb6b417ea289f4f28eabce1ea2e713dce
- SHA512
  
  d1a285fb630f55df700a74e5222546656de7d2da7e1419e2936078340767d0bab343b603ba0d07140c790eb5d79a8a34b7818b90316ea06cb9f53cad86b6d3f5
- SSDEEP
  
  1536:+Vcm093l7KjJdwXjCsZ+WymDAZZxgbgROgldJ+VEcn75A:+Vcm03ggjCsZDym6Og5+Vpm
Score

1^/10
behavioral17 behavioral18
- Target
  
  SftTree_IX86_U_60.dll
- Size
  
  570KB
- MD5
  
  57bf106e5ec51b703b83b69a402dc39f
- SHA1
  
  bd4cfab7c50318607326504cc877c0bc84ef56ef
- SHA256
  
  24f2399fc83198ab8d63ee6a1ad6ffbd1eda4d38048d3e809fecd2a3e0709671
- SHA512
  
  8bf60649ece6bbb66c7b94ed0d9214fbeab030d5813e1e7b5d6d2349ee1de9075b7dfbbbbeae5af0dc21b071a00eafce0771ca1804e6752e9a71e71e6b1447df
- SSDEEP
  
  6144:+F1oCaK7hWLMxQqTxNEaPe/cq0sJBJYzlRtcChgWPQnjLkV3Ij9DvAmintVM:koxK7hhNN1m/cq0sJ/YzNcCj0oVy8Y
Score

1^/10
behavioral19 behavioral20
- Target
  
  cateran.docx
- Size
  
  32KB
- MD5
  
  6ca0f9855f89f8d5b7c66afa03e9d333
- SHA1
  
  02bf7c58da5576d86f77699a5aaa2d059c254983
- SHA256
  
  24c74262346636f63b0c1afdb64ff000244610ad2ad6a46acb6a596433fede60
- SHA512
  
  0ba90446e7f6290f90d3b8b99ee0e8c03cd39e623cbd4ae4ab748c6174d52424b49ab50e765ae71fe278363f8c883c50a65a8e817c788d4a3930fffecab0cfe3
- SSDEEP
  
  768:hSMDC5ZCKOFpt292gaJgB6FZuD26V53Ln/p/uRb0lUE8/QZfueL5:457Ojt292gpIZubV53Ln/hul0Kw91
Score

4^/10
behavioral21 behavioral22
- Target
  
  mfc80u.dll
- Size
  
  1.0MB
- MD5
  
  ccc2e312486ae6b80970211da472268b
- SHA1
  
  025b52ff11627760f7006510e9a521b554230fee
- SHA256
  
  18be5d3c656236b7e3cd6d619d62496fe3e7f66bf2859e460f8ac3d1a6bdaa9a
- SHA512
  
  d6892abb1a85b9cf0fc6abe1c3aca6c46fc47541dffc2b75f311e8d2c9c1d367f265599456bd77be0e2b6d20c6c22ff5f0c46e7d9ba22c847ad1cbedc8ca3eff
- SSDEEP
  
  12288:o5lk6KUYmYRP6vAt9+J51r64f22JhPeEiz8F+p/xoOTa+S9XqNNw2ohW3:UyUaP64t9+JfrRJiz8F+p/N2/cmW
Score

1^/10
behavioral23 behavioral24
- Target
  
  msvcp80.dll
- Size
  
  536KB
- MD5
  
  4c8a880eabc0b4d462cc4b2472116ea1
- SHA1
  
  d0a27f553c0fe0e507c7df079485b601d5b592e6
- SHA256
  
  2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08
- SHA512
  
  6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c
- SSDEEP
  
  12288:Q1HyurvZ0JPjuTtSu86th1n/hUgiW6QR7t5j3Ooc8NHkC2eo:Q1HyurvZ0liTwuhtjnj3Ooc8NHkC2eo
Score

1^/10
behavioral25 behavioral26
- Target
  
  msvcr80.dll
- Size
  
  612KB
- MD5
  
  e4fece18310e23b1d8fee993e35e7a6f
- SHA1
  
  9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
- SHA256
  
  02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
- SHA512
  
  2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc
- SSDEEP
  
  12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu
Score

1^/10
behavioral27 behavioral28
- Target
  
  wlessfp1.dll
- Size
  
  70KB
- MD5
  
  5120c44f241a12a3d5a3e87856477c13
- SHA1
  
  cd8a6ef728c48e17d570c8dc582ec49e17104f6d
- SHA256
  
  fbd4b6011d3d1c2af22827ca548ba19669eef31173d496e75f064ef7a884431c
- SHA512
  
  67c0e718368e950d42f007d6a21c6f903b084d6514f777b86aab3111ffe3be995949674276081c0281139a0b39119b84630a0ac341d4ae78677ac8346f371ae1
- SSDEEP
  
  1536:nEqYKdOEuqRKXd9ZWbIOinToIfYeyOgtPko:EqnB89ZouTBf5yOgtPko
Score

3^/10
behavioral29 behavioral30

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Lumma Stealer

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30