General

  • Target

    main.zip

  • Size

    20.1MB

  • Sample

    241029-1rppea1ark

  • MD5

    32672d2c0e42c11b9c05fb52dbceb4cf

  • SHA1

    bef3243b7db34785dcb9d456be25fc0ed02f3932

  • SHA256

    babf47d8493a17a590dfe66ba74f204a24c9e2ff878a52deabe3082766d72a79

  • SHA512

    f996a26f0c6efe58fe94ad63893603d6102326fd0d4f5e304869ca776312831694ecb217ceed2a791119c0101634d2f9a563d7b15658eb0818f105a71c4d268b

  • SSDEEP

    393216:P2lQQT08IesheJJkSMtSEu6dfOIdCbr2uDoqYnOuI:Pcgb9UJJ2tSMf83XYns

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

82.117.243.110:5173

Mutex

edH11NGQWIdCwvLx00

Attributes

  • encryption_key

    aGPuRaDerdUDJPrAfXtB

  • install_name

    csrss.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Framework

  • subdirectory

    SubDir

Extracted

Family

vidar

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Extracted

Family

lumma

C2

https://navygenerayk.store/api

https://necklacedmny.store/api

https://founpiuer.store/api

Targets

    • Target

      Installer/Accord.dll

    • Size

      128KB

    • MD5

      462500956d2d63725fb60c83516cec35

    • SHA1

      2d6326cb19d88bfdaa84112b6ff0259ec72d60f4

    • SHA256

      d36c225a84415c01bc2a8e84096590a7206dfc3d36173e3c7b6a62a04c0a33a9

    • SHA512

      10b1c3fcdd21464bb6f1aee796171237dc3f0763b1a6b8b41a2410aa264047fc8e256588a06ae141905b78e9a85414797b22ecb73c2a9fca150b81f63efdde46

    • SSDEEP

      1536:+x8piUO4o++aIRYMUVptbFoSycwX6xIp4EB7zujXe4HvFIdtdUlIAq:+x8piUO5aIRtUVTFl86PEB7yFdIdY6F

    Score
    1/10
    • Target

      Installer/CapCut.exe

    • Size

      332KB

    • MD5

      9095698e073c305cb31934f911e2f224

    • SHA1

      3c3a7cf49ecc1faf01d8f85d345425a3c417361e

    • SHA256

      a274bbefeca015c06188faf15493b32f3ed4b175a92fa4fdf59a0da55059f6db

    • SHA512

      8470d517a74c721911b7a5b93a8513630a9cfef747ef143296bfdcb3174620ddec7d2e170afbed2621f441aaa663b46eec676c9e8065b9fde87bf15633190fb6

    • SSDEEP

      6144:KurqFF99YI+Ka804ozhmKuRb5B/OalLbQg1/R:YFFXY9vrzoKud59Oahbv

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Installer/Tools/Accord.3.8.0/lib/net35-unity full v3.5/Accord.dll

    • Size

      148KB

    • MD5

      e155917f082b3d7754937f1c8a378209

    • SHA1

      f7793aa262439ab98323dd9a76988608cb3d6105

    • SHA256

      4e9838f1e2d120ed2297bab01042c5d947506fbf4a96e330528cc5bcf8960da0

    • SHA512

      3848a4048a9e443239064129747c9f449d149dd8400b6a76362d4fd69e84bc9baba85c2600c5adfaa5ba3cfe224d77e2166557cb4ffcdcaea822481d57658cd8

    • SSDEEP

      3072:G+cdP98cPVdSvw4PDFiQezKm2sTqVJtPWdGLSJhfZETCvT4H:G+cdP98cP+4kLezKm2sgnPWoLmRZETCU

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/net35-unity micro v3.5/Accord.dll

    • Size

      148KB

    • MD5

      e155917f082b3d7754937f1c8a378209

    • SHA1

      f7793aa262439ab98323dd9a76988608cb3d6105

    • SHA256

      4e9838f1e2d120ed2297bab01042c5d947506fbf4a96e330528cc5bcf8960da0

    • SHA512

      3848a4048a9e443239064129747c9f449d149dd8400b6a76362d4fd69e84bc9baba85c2600c5adfaa5ba3cfe224d77e2166557cb4ffcdcaea822481d57658cd8

    • SSDEEP

      3072:G+cdP98cPVdSvw4PDFiQezKm2sTqVJtPWdGLSJhfZETCvT4H:G+cdP98cP+4kLezKm2sgnPWoLmRZETCU

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/net35-unity subset v3.5/Accord.dll

    • Size

      148KB

    • MD5

      e155917f082b3d7754937f1c8a378209

    • SHA1

      f7793aa262439ab98323dd9a76988608cb3d6105

    • SHA256

      4e9838f1e2d120ed2297bab01042c5d947506fbf4a96e330528cc5bcf8960da0

    • SHA512

      3848a4048a9e443239064129747c9f449d149dd8400b6a76362d4fd69e84bc9baba85c2600c5adfaa5ba3cfe224d77e2166557cb4ffcdcaea822481d57658cd8

    • SSDEEP

      3072:G+cdP98cPVdSvw4PDFiQezKm2sTqVJtPWdGLSJhfZETCvT4H:G+cdP98cP+4kLezKm2sgnPWoLmRZETCU

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/net35-unity web v3.5/Accord.dll

    • Size

      148KB

    • MD5

      e155917f082b3d7754937f1c8a378209

    • SHA1

      f7793aa262439ab98323dd9a76988608cb3d6105

    • SHA256

      4e9838f1e2d120ed2297bab01042c5d947506fbf4a96e330528cc5bcf8960da0

    • SHA512

      3848a4048a9e443239064129747c9f449d149dd8400b6a76362d4fd69e84bc9baba85c2600c5adfaa5ba3cfe224d77e2166557cb4ffcdcaea822481d57658cd8

    • SSDEEP

      3072:G+cdP98cPVdSvw4PDFiQezKm2sTqVJtPWdGLSJhfZETCvT4H:G+cdP98cP+4kLezKm2sgnPWoLmRZETCU

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/net35/Accord.dll

    • Size

      148KB

    • MD5

      e155917f082b3d7754937f1c8a378209

    • SHA1

      f7793aa262439ab98323dd9a76988608cb3d6105

    • SHA256

      4e9838f1e2d120ed2297bab01042c5d947506fbf4a96e330528cc5bcf8960da0

    • SHA512

      3848a4048a9e443239064129747c9f449d149dd8400b6a76362d4fd69e84bc9baba85c2600c5adfaa5ba3cfe224d77e2166557cb4ffcdcaea822481d57658cd8

    • SSDEEP

      3072:G+cdP98cPVdSvw4PDFiQezKm2sTqVJtPWdGLSJhfZETCvT4H:G+cdP98cP+4kLezKm2sgnPWoLmRZETCU

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/net40/Accord.dll

    • Size

      128KB

    • MD5

      7973f3ff5b1d9128ca66658576560819

    • SHA1

      d3bea89f8c3037a4faadf3b399d501bcc3798cd6

    • SHA256

      24e35568c79531d41330439a59ef5e2cd2e55bb87e0428daef37d9aa11ab432a

    • SHA512

      e283ab910f936ac852d659d18d1ee9a6829ceaf9353a14572f43efabd34e60beef5f29f937aa6ad4e146b3c875c59bd9acb10230c9543529f08b70251204d728

    • SSDEEP

      3072:ozUHt2atsOWiUcHCrltiud10RrqTEBlbX4YFDiT:ozUHRtsOWv5EgEvr4o

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/net45/Accord.dll

    • Size

      128KB

    • MD5

      585e55a96f52a550c6a6ec7859996b6e

    • SHA1

      07f6112f3380eee1f349732b890a7757e9018fca

    • SHA256

      67a1977a211dd33752c7e6fcafb1e6ab61b6f26f529b1373e54d1ca512ada858

    • SHA512

      92f8b38f50c3b84fa8558b68bed62891bb508ac208a500cf18fb586e12adc37a70f3a7ee71d7a656be188b0ab3eedbd944313dcab5e7d0c06f543c98331d40dc

    • SSDEEP

      1536:288phvO4o++aI12Mo4BOtbF4kDDV2LYWm2aIp4EBVJo7Je4Hjs1IdtdUCIw7:288phvO5aI12Mo4EF/JEBSJFDiIdYdm

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/net46/Accord.dll

    • Size

      128KB

    • MD5

      c988f0203059a8017533d086718ae3a9

    • SHA1

      861c257a172625436305d1ebf6205bae2f695d9b

    • SHA256

      b8eba126ccbe1e641b062fa1a4f45d094519bd5bc6ea81a4a24d4c2e549e883f

    • SHA512

      60c85cb06c60850fbe883802b52268611dea94be9cdbb9d168c7f800e51184e41243e9b0e0b4d9e31ad94160948d2590bf82e3759bc5235d722a9326829cacd1

    • SSDEEP

      1536:ox8piUO4o++aIRYMUVpJbFoSycwX6xIp4EB7zuPfe4HvFIdtdUJIA5:ox8piUO5aIRtUVXFl86PEB72FdIdYGm

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/net462/Accord.dll

    • Size

      128KB

    • MD5

      462500956d2d63725fb60c83516cec35

    • SHA1

      2d6326cb19d88bfdaa84112b6ff0259ec72d60f4

    • SHA256

      d36c225a84415c01bc2a8e84096590a7206dfc3d36173e3c7b6a62a04c0a33a9

    • SHA512

      10b1c3fcdd21464bb6f1aee796171237dc3f0763b1a6b8b41a2410aa264047fc8e256588a06ae141905b78e9a85414797b22ecb73c2a9fca150b81f63efdde46

    • SSDEEP

      1536:+x8piUO4o++aIRYMUVptbFoSycwX6xIp4EB7zujXe4HvFIdtdUlIAq:+x8piUO5aIRtUVTFl86PEB7yFdIdY6F

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/netstandard1.4/Accord.dll

    • Size

      119KB

    • MD5

      05df8292b5608279d129259be5baaaad

    • SHA1

      3d529801aac42f571e33fd8a32819b040bb8523a

    • SHA256

      3b3bbe2b42ec0ca04aedd3a27eaa6e9ee24a24734ae285c2b2920ffdec94bba0

    • SHA512

      6da88a00a6bb18dc64b7126135767f237911b9e6b48cede3bf9df8109a46891c14c377c2a4d9ed8e0c37548f1745d0c62927f354d364060cb522611ffca49f84

    • SSDEEP

      3072:yo7/5B5HeE3U5Xfl9rHXJYwMAT+aYvvHAR:ygBB5HeEE599rZYwJ+1ng

    Score
    1/10
    • Target

      Installer/Tools/Accord.3.8.0/lib/netstandard2.0/Accord.dll

    • Size

      112KB

    • MD5

      ebea077a998d01670625ed58a8ed63fe

    • SHA1

      a841053293b79ad6268459f9c54f2daaf99bc269

    • SHA256

      6fc7ed6a7e60a666ded3284c1c5558624c2a9f7300cf8dcf76f698df5aad40f2

    • SHA512

      2a40ee02bb39c422ce5b617823f7fc2eb763cdb91f7f287aa611d5ce2e0954f6cae27143ca834f5c5a64ca012f1ea9d2f2fb133c43ab176a445618f31eb3c913

    • SSDEEP

      3072:m5S5mn/wwTmzEfFGaBr+0fb552z1dlLBom:m5S5mn/wweEfM4tfb5QPlBo

    Score
    1/10
    • Target

      Installer/Tools/Accord.Video.3.8.0/lib/net35-unity full v3.5/Accord.Video.dll

    • Size

      40KB

    • MD5

      b7041a2701653f7c3f6f781dd8ab6d1a

    • SHA1

      7ae8f161f8e472ee2fe9815f2003832dd02e5c27

    • SHA256

      40139b60e4f0e397d955a87a658cee8d6be061eb8c45abba0f229d000a9a9f53

    • SHA512

      c893e93bfd391bd93b34d1c539dfb93e79d54417a2cf75388b6b85c424118714a4fe36e3c951f7e4a265f3ae5a196fdf6d7d43ff675ed2fe1930b653cfd9c265

    • SSDEEP

      768:KFhvlTCmwfsjsCNPKbKfv1p6PXRoPNE+:G96EtTs+

    Score
    1/10
    • Target

      Installer/Tools/Accord.Video.3.8.0/lib/net35-unity micro v3.5/Accord.Video.dll

    • Size

      40KB

    • MD5

      b7041a2701653f7c3f6f781dd8ab6d1a

    • SHA1

      7ae8f161f8e472ee2fe9815f2003832dd02e5c27

    • SHA256

      40139b60e4f0e397d955a87a658cee8d6be061eb8c45abba0f229d000a9a9f53

    • SHA512

      c893e93bfd391bd93b34d1c539dfb93e79d54417a2cf75388b6b85c424118714a4fe36e3c951f7e4a265f3ae5a196fdf6d7d43ff675ed2fe1930b653cfd9c265

    • SSDEEP

      768:KFhvlTCmwfsjsCNPKbKfv1p6PXRoPNE+:G96EtTs+

    Score
    1/10
    • Target

      Installer/Tools/Accord.Video.3.8.0/lib/net35-unity subset v3.5/Accord.Video.dll

    • Size

      40KB

    • MD5

      b7041a2701653f7c3f6f781dd8ab6d1a

    • SHA1

      7ae8f161f8e472ee2fe9815f2003832dd02e5c27

    • SHA256

      40139b60e4f0e397d955a87a658cee8d6be061eb8c45abba0f229d000a9a9f53

    • SHA512

      c893e93bfd391bd93b34d1c539dfb93e79d54417a2cf75388b6b85c424118714a4fe36e3c951f7e4a265f3ae5a196fdf6d7d43ff675ed2fe1930b653cfd9c265

    • SSDEEP

      768:KFhvlTCmwfsjsCNPKbKfv1p6PXRoPNE+:G96EtTs+

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

office, rat, stealer, quasar, dcrat, vidar, asyncrat, stormkitty, venomrat
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

execution
Score
8/10

behavioral4

lumma, discovery, execution, stealer
Score
10/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10