Overview

overview

10

Static

static

3

Application.bat

windows10-ltsc 2021-x64

10

Application.bat

windows11-21h2-x64

7

cfg.js

windows10-ltsc 2021-x64

3

cfg.js

windows11-21h2-x64

3

lua51.dll

windows10-ltsc 2021-x64

1

lua51.dll

windows11-21h2-x64

1

luajit.exe

windows10-ltsc 2021-x64

1

luajit.exe

windows11-21h2-x64

1

Resubmissions

26-11-2024 18:47

241126-xfj31atpdv 6

26-11-2024 18:46

241126-xe42sazqgq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Zorara.zip

  • Size

    498KB

  • Sample

    241126-xe42sazqgq

  • MD5

    935eca784190b019bddfcbd9977c9416

  • SHA1

    7dc1869d79a110f7394afe4b93c06b586185139d

  • SHA256

    6d11d8339ed8917190ba15dfbdf12c46d0a9d90b4b680edf54a8c65585e76e74

  • SHA512

    624f2b2348a4ab37855cd238b244d99f9dfdf4cfd7c8bfb2e55ad72aeee161db1d8a9e961e6e31f6be5f52a0f9c0562f49e484dc9763540c7c45ea819a9cdae3

  • SSDEEP

    12288:UmCAJEZ64ZZnv7zOCcf+X/N4mUiRvyPqBmKUU+zSy:Uc4ZZvOPBi5/BmKUBWy

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Family

lumma

C2

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

https://disobey-curly.sbs/api

https://motion-treesz.sbs/api

https://powerful-avoids.sbs/api

Targets

    • Target

      Application.bat

    • Size

      1KB

    • MD5

      1f886633d8933efe74279e6519035ac2

    • SHA1

      e0b8ed8660b546dbe6a6cd6808d8ea33569647ea

    • SHA256

      c8bd116c303dbf8c8f539a8353a180a1b5b51d771c820ef176359bf0f194e49e

    • SHA512

      766a3452dc1265defb8168c87d8e187c33f42bfc936aaa061678fc23093a6ca10e32c06038f4e8127c53fddf1c2994550e01e059e4581c6ab6513e2a178a63c4

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      cfg.txt

    • Size

      220KB

    • MD5

      02c099ed621a95bd3d10ba5df143c137

    • SHA1

      714b1f835cbafc55ce8ea4b8a65d855c652536b4

    • SHA256

      be27274aef2547575ee05db27a1f40054190c5cc7e36d1da6936fe6d8478f22b

    • SHA512

      4c3b5d9164b5ee51bb6bf08767de6e92cd706f34ce8e8ef44b007a8e92aac80d1c6df6ab3aa3e4329d9789207e0ebc3fc51474660c53aa8d98e6d3ccc2cc7896

    • SSDEEP

      6144:S9cnz6rpQ22oLH9fKvJ3MNs5RvEPPuFuqP5JWN14do9:7nezj4Xmf

    Score
    3/10
    execution
    behavioral3behavioral4

    • Target

      lua51.dll

    • Size

      479KB

    • MD5

      47885ad50b2f52aec010ea4416a99ffd

    • SHA1

      19953daea1f663c1521deaeccff656cc110d6f8e

    • SHA256

      88c5bfba7b487bc311d7bd5877f7ee7a7f8dae8347e19079c00ed79625055f67

    • SHA512

      19476a1491d9321bb6cd2428ee1e0cb354e12fe27d43162f6bbe7765c8b24d185ce48f890ce6c7b1cd441b3cfce196f6304bdf2223e853d88e2b3272ac7a05a9

    • SSDEEP

      6144:mGZD0cO8e7yGRJAtzlz0JeGn5yGClkcUxU+/vDLdmbePFOxEwZgOOVs+loxjsxVi:utZJAzzwnvdmblvjsxV+qPVqcSkBBt

    Score
    1/10
    behavioral5behavioral6

    • Target

      luajit.exe

    • Size

      288KB

    • MD5

      e9563030420846d2c54f73b4f5515ae6

    • SHA1

      ba4ce71542fc4e52a4d4b464d825100e76da8c1d

    • SHA256

      726ec4876adc426ecc8b9b575e4a64962e19ed112d76bca84dbbbdb96c4c4dd9

    • SHA512

      d71b90a75151e336e2418636a86ea11ebfdf1e67134db437b5ad66f8b468da0810ca86f56c2171c2e32152c7a0eaa857c6d7d6dc10fd0a1a116499bd9c2ed0de

    • SSDEEP

      3072:/UrdMUiesUvuiLrbwkCD3U1vDfRyRg821IrImnaN4gC6Tq:K2UpvpTwkCD3UZfIie22N9

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks