Overview

Task                                  Score
overview                              10
static                                3
Zorara.zip (windows7-x64)             1
Zorara.zip (windows10-2004-x64)       10
Application.bat (windows7-x64)        6
Application.bat (windows10-2004-x64)  10
cfg.js (windows7-x64)                 3
cfg.js (windows10-2004-x64)           3
lua51.dll (windows7-x64)              1
lua51.dll (windows10-2004-x64)        1
luajit.exe (windows7-x64)             1
luajit.exe (windows10-2004-x64)       1
General

Target:  Zorara.zip
Size:    498KB
Sample:  241126-xreyesvlbt
MD5:     935eca784190b019bddfcbd9977c9416
SHA1:    7dc1869d79a110f7394afe4b93c06b586185139d
SHA256:  6d11d8339ed8917190ba15dfbdf12c46d0a9d90b4b680edf54a8c65585e76e74
SHA512:  624f2b2348a4ab37855cd238b244d99f9dfdf4cfd7c8bfb2e55ad72aeee161db1d8a9e961e6e31f6be5f52a0f9c0562f49e484dc9763540c7c45ea819a9cdae3
SSDEEP:  12288:UmCAJEZ64ZZnv7zOCcf+X/N4mUiRvyPqBmKUU+zSy:Uc4ZZvOPBi5/BmKUBWy
Static task
static1

Behavioral tasks
behavioral1    Sample: Zorara.zip       Resource: win7-20240903-en
behavioral2    Sample: Zorara.zip       Resource: win10v2004-20241007-en
behavioral3    Sample: Application.bat  Resource: win7-20240903-en
behavioral4    Sample: Application.bat  Resource: win10v2004-20241007-en
behavioral5    Sample: cfg.js           Resource: win7-20240903-en
behavioral6    Sample: cfg.js           Resource: win10v2004-20241007-en
behavioral7    Sample: lua51.dll        Resource: win7-20240729-en
behavioral8    Sample: lua51.dll        Resource: win10v2004-20241007-en
behavioral9    Sample: luajit.exe       Resource: win7-20241010-en
behavioral10   Sample: luajit.exe       Resource: win10v2004-20241007-en
Malware Config

Extracted family: lumma
Extracted URLs:
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
https://disobey-curly.sbs/api
https://motion-treesz.sbs/api
https://powerful-avoids.sbs/api
Targets

Target:  Zorara.zip
Size:    498KB
MD5:     935eca784190b019bddfcbd9977c9416
SHA1:    7dc1869d79a110f7394afe4b93c06b586185139d
SHA256:  6d11d8339ed8917190ba15dfbdf12c46d0a9d90b4b680edf54a8c65585e76e74
SHA512:  624f2b2348a4ab37855cd238b244d99f9dfdf4cfd7c8bfb2e55ad72aeee161db1d8a9e961e6e31f6be5f52a0f9c0562f49e484dc9763540c7c45ea819a9cdae3
SSDEEP:  12288:UmCAJEZ64ZZnv7zOCcf+X/N4mUiRvyPqBmKUU+zSy:Uc4ZZvOPBi5/BmKUBWy

Signatures:
- Lumma family
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Target:  Application.bat
Size:    1KB
MD5:     1f886633d8933efe74279e6519035ac2
SHA1:    e0b8ed8660b546dbe6a6cd6808d8ea33569647ea
SHA256:  c8bd116c303dbf8c8f539a8353a180a1b5b51d771c820ef176359bf0f194e49e
SHA512:  766a3452dc1265defb8168c87d8e187c33f42bfc936aaa061678fc23093a6ca10e32c06038f4e8127c53fddf1c2994550e01e059e4581c6ab6513e2a178a63c4

Signatures:
- Lumma family
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Target:  cfg.txt
Size:    220KB
MD5:     02c099ed621a95bd3d10ba5df143c137
SHA1:    714b1f835cbafc55ce8ea4b8a65d855c652536b4
SHA256:  be27274aef2547575ee05db27a1f40054190c5cc7e36d1da6936fe6d8478f22b
SHA512:  4c3b5d9164b5ee51bb6bf08767de6e92cd706f34ce8e8ef44b007a8e92aac80d1c6df6ab3aa3e4329d9789207e0ebc3fc51474660c53aa8d98e6d3ccc2cc7896
SSDEEP:  6144:S9cnz6rpQ22oLH9fKvJ3MNs5RvEPPuFuqP5JWN14do9:7nezj4Xmf
Score:   3/10

Target:  lua51.dll
Size:    479KB
MD5:     47885ad50b2f52aec010ea4416a99ffd
SHA1:    19953daea1f663c1521deaeccff656cc110d6f8e
SHA256:  88c5bfba7b487bc311d7bd5877f7ee7a7f8dae8347e19079c00ed79625055f67
SHA512:  19476a1491d9321bb6cd2428ee1e0cb354e12fe27d43162f6bbe7765c8b24d185ce48f890ce6c7b1cd441b3cfce196f6304bdf2223e853d88e2b3272ac7a05a9
SSDEEP:  6144:mGZD0cO8e7yGRJAtzlz0JeGn5yGClkcUxU+/vDLdmbePFOxEwZgOOVs+loxjsxVi:utZJAzzwnvdmblvjsxV+qPVqcSkBBt
Score:   1/10

Target:  luajit.exe
Size:    288KB
MD5:     e9563030420846d2c54f73b4f5515ae6
SHA1:    ba4ce71542fc4e52a4d4b464d825100e76da8c1d
SHA256:  726ec4876adc426ecc8b9b575e4a64962e19ed112d76bca84dbbbdb96c4c4dd9
SHA512:  d71b90a75151e336e2418636a86ea11ebfdf1e67134db437b5ad66f8b468da0810ca86f56c2171c2e32152c7a0eaa857c6d7d6dc10fd0a1a116499bd9c2ed0de
SSDEEP:  3072:/UrdMUiesUvuiLrbwkCD3U1vDfRyRg821IrImnaN4gC6Tq:K2UpvpTwkCD3UZfIie22N9
Score:   1/10