banload

Sharing

Copy URL

Twitter E-mail

General

Target

!!SetUp_2244_PassW0rds$.zip
Size

10.4MB
Sample

240825-r3kp6azamg
MD5

41ceb7544c4f077303f7d9d5e41ebd20
SHA1

c6a48ae6ba43446e98629929dd3e21656ebcf530
SHA256

d3d35ff8f3f4c305ccc30fd1b93c1f57fa5618aac9c66be7dfa96363322fb706
SHA512

8856ee797e7bfcd2b6f84adc76a2e651bd68bfe568a512689847e7c08d377aa5a0a1124fa0809e1d8459308e6bb747bd75676aa80a7f49ae725ee9ca419c0d45
SSDEEP

196608:J1pzZuTJozxpAKwhcyZov8FrKQ20/sIQ5I/EejqxXqZKerebfzRK:J1Lu67whRUGKhOxQiMxNereb7RK

Score

10^/10

Malware Config

Extracted

Family

lumma

https://calcuatllitwop.shop/api

https://locatedblsoqp.shop/api

https://traineiwnqo.shop/api

https://condedqpwqm.shop/api

https://millyscroqwp.shop/api

https://stagedchheiqwo.shop/api

https://stamppreewntnq.shop/api

https://caffegclasiqwp.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  8.5MB
- MD5
  
  98169506fec94c2b12ba9930ad704515
- SHA1
  
  bce662a9fb94551f648ba2d7e29659957fd6a428
- SHA256
  
  9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
- SHA512
  
  7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
- SSDEEP
  
  196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK
Score

10^/10

banload lumma discovery downloader dropper evasion persistence privilege_escalation stealer trojan
- Banload
  Banload variants download malicious files, then install and execute the files.
  trojan dropper downloader banload
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  acdbase.dll
- Size
  
  2.9MB
- MD5
  
  6a52a380622f4fae9a76d41b85bdd01c
- SHA1
  
  8aac23a2658f6443b8ee55edbf218339d01aedf0
- SHA256
  
  c614f03143dee117d65a219f4459d15229f0ef005f7d577ce79e3ce3a32df2d3
- SHA512
  
  acdc61d770ebc25a9d9ddcc7afb2ef672ac857f03e7f90676d8356778ab37ce84534d7e03ec7a4ad7a128bd5a271fb9b5ee5b099ce1e75e121ee082fcd9beb41
- SSDEEP
  
  49152:LzvI/48LzIpH2aTZ70W6pVLOVicH+4T7snimYvtgbgwvWgfFv5COWaUsz7Xapv3n:uIpHGpVL7nimatSgSWhOWaUsz7Xapv3n
Score

1^/10
behavioral3 behavioral4
- Target
  
  api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  9f812bd3815909e559b15cb13489f294
- SHA1
  
  df751c956f59b4e3c82496d86895adc7cc1a1619
- SHA256
  
  ce6fcc2ddf21720c92bee04f5736a4787acffa970a1b0dbeea39ff5efec52c75
- SHA512
  
  0a360e8b81bf80cb6bdf240d627ddcf71b1a4ca42759de61b2d27fab521a8e6e3afa308cc69caf5a7c8b14d98d3d448f0d400ae1826cbe7d0f0ceafd14682064
- SSDEEP
  
  192:j9cyRWhhWnWGxVA6VWQ4cRWstTmz56CqRqNX01k9z3A8oX9l3zX:2yRWhhWfxdlvC5DNR9zrGnb
Score

1^/10
behavioral5
- Target
  
  api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  1a72e5f24214eb723e03a22ff53f8a22
- SHA1
  
  578d1dbfb22e9ff3b10c095d6a06acaf15469709
- SHA256
  
  fda46141c236a11054d4d3756a36da4412c82dd7877daad86cb65bf53d81ca1a
- SHA512
  
  530e693daecc7c7080b21e39b856c538bb755516aafdb6839a23768f40bcfc38d71b19586e8c8e37bb1c2b7a7c31fcb8e24a2315a8dd90f50fec22f973d86cb4
- SSDEEP
  
  192:CWhhWzWvkJ0f5AbVWQ4mWluxFlZNKd2kQX01k9z3Ad4M6tyOM:CWhhW3aabtF3NNPR9zw4JtyOM
Score

1^/10
behavioral6
- Target
  
  api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  9d136bbecf98a931e6371346059b5626
- SHA1
  
  2466e66bfd88dd66c1c693cbb95ea8a91b9558cd
- SHA256
  
  7617838af1b589f57e4fe9fee1e1412101878e6d3287cdc52a51cd03e3983717
- SHA512
  
  8c720c798d2a06f48b106a0a1ef38be9b4a2aebe2a657c8721278afa9fdbab9da2a672f47b7996ca1ce7517015d361d77963c686e0ae637a98c32fd75e5d0610
- SSDEEP
  
  192:9vh8Y17aFBRUWhhW1WGxVA6VWQ4cRWKksNQlO8X01k9z3AenWcK:RLRWhhWhxdl/KlO8R9zh4
Score

1^/10
behavioral7
- Target
  
  api-ms-win-crt-runtime-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  6b39d005deb6c5ef2c9dd9e013b32252
- SHA1
  
  79a0736454befd88ba8d6bd88794d07712e38a67
- SHA256
  
  b0e50572eb82a46ed499775e95bfde7cb25c498957432c18c20cf930f332efd0
- SHA512
  
  50bc1f669499589a480379d72166dae701914427d51223994d63a0363420ca6fdde07010803270a62451afea9e4ae55206d8a4c00ca4680e7a9120cd33f99a0f
- SSDEEP
  
  192:lmGqX8mPrpJhhf4AN5/Ki9WhhWjmWGxVA6VWQ4cRW1XZ56CqRqNX01k9z3A8oXil:lysyr7LWhhWWxdl0Z5DNR9zrG25
Score

1^/10
behavioral8
- Target
  
  api-ms-win-crt-stdio-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  97f24295c9bd6e1acae0c391e68a64cf
- SHA1
  
  75700dce304c45ec330a9405523f0f22e5dcbb18
- SHA256
  
  189d551fb3cba3dbb9b9c1797e127a52ac486d996f0ac7cba864fe35984a8d28
- SHA512
  
  cac75f623545c41b2597a25c14f2af7eb93e3e768b345d3b0e1928d8fd1f12bec39b18b8277f9550aa6a66d9cfe1bf6c3db93ae1eb2a6c07019d4f210b3e5998
- SSDEEP
  
  192:6uV2OlkuWYFxEpah/WhhWQWGxVA6VWQ4cRWqfyMbNQlO8X01k9z3Aen2yMJ:DV2oFVh/WhhWoxdlH6GKlO8R9zh2yi
Score

1^/10
behavioral9
- Target
  
  api-ms-win-crt-string-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  d282a4fa046d05d40d138cc68c518914
- SHA1
  
  d5012090399f405ffe7d2fed09650e3544528322
- SHA256
  
  8b1471101145343da5f2c5981c515da4dfae783622ed71d40693fe59c3088d7a
- SHA512
  
  718926e728627f67ba60a391339b784accd861a15596f90d7f4e6292709ac3d170bcbca3cbf6267635136cb00b4f93da7dfd219fa0beee0cf8d95ce7090409e4
- SSDEEP
  
  768:mCV5yguNvZ5VQgx3SbwA71IkFlRzoOQ9zrg:h5yguNvZ5VQgx3SbwA71IuRzez
Score

1^/10
behavioral10
- Target
  
  api-ms-win-crt-time-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  6d35a57a6d8d569f870b96e00e7f1f4d
- SHA1
  
  8407bdb3cd5ec15b2ce738b3dbd704aa289ce3e1
- SHA256
  
  f41511e477a164eb9451ca51fb3810437f3b15f21e6f5c6ce0956e84ec823723
- SHA512
  
  4317b86d32ca93e5f0d832819cf1ab8af68e853a19eb07dd1fa4d168a0b2a8eab309194884ed3a613b09fc6d511be872a053f76f00ea443499006cdd226fea8f
- SSDEEP
  
  192:mm3hwD2WhhWq4WGxVA6VWQ4cRWY9y56CqRqNX01k9z3A8oXTlxWBR:HWhhWVxdlG5DNR9zrG/0R
Score

1^/10
behavioral11
- Target
  
  api-ms-win-crt-utility-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  8ed70910380aa0b28317512d72762cc0
- SHA1
  
  0421518370f24f9559f96459d0798d98b81ea732
- SHA256
  
  f15af0db93d9385ff9d8efdc06aacd0729d0dfcb66e91ca0243bb160f2ed89d0
- SHA512
  
  b31ef07eaac310fdd3df3546246e7dc696595b8e92141e3db79a44ddc3358b12129e3829a53c76d0fef214e3f29dba77fa5d556211830a140ea34ff62258d9d7
- SSDEEP
  
  192:Z/fHQduzWhhWqzWvkJ0f5AbVWQ42WIknbx6IVnKaQwP7yX01k9z3AcK:Z/fFWhhWq3aabObx6zaHeR9zTK
Score

1^/10
behavioral12
- Target
  
  libmmd.dll
- Size
  
  4.0MB
- MD5
  
  42943c6acaf8d5ca953911b2bb99fc14
- SHA1
  
  ea719eafd2857b43b20228827f5596f1137ac3d5
- SHA256
  
  427ef018d494bf6cb8531ab3bbcb501ed4c8c7c6479097b33ab4d15750eccc4c
- SHA512
  
  85e71abc6db8a2e4eaad70d35ca613a918046715c8447b4c975021791f160aa3d1c4cb19969f81dd7b9f98f13dec41619c44e3c5948ae593af9c3d0cfec346fc
- SSDEEP
  
  98304:FJLi7X0J2iGkPyxtHzk8joEGIbQOpv3VzGSsJQQq:nyqCtH48UEtb5ySs2L
Score

1^/10
behavioral13 behavioral14
- Target
  
  vcruntime140.dll
- Size
  
  116KB
- MD5
  
  699dd61122d91e80abdfcc396ce0ec10
- SHA1
  
  7b23a6562e78e1d4be2a16fc7044bdcea724855e
- SHA256
  
  f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1
- SHA512
  
  2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff
- SSDEEP
  
  1536:KqvQFDdwFBHKaPX8YKpWgeQqbekRG7MP4ddbsecbWcmpCGa3QFzFtjXzp:KqvQFDUXqWn7CkRG7YecbWb9a3kDX9
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Event Triggered Execution: Component Object Model Hijacking

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16