Overview

overview

10

Static

static

1

SatUp-Here...er.exe

windows7-x64

1

SatUp-Here...er.exe

windows10-2004-x64

1

SatUp-Here...47.dll

windows10-2004-x64

1

SatUp-Here...ces.js

windows7-x64

3

SatUp-Here...ces.js

windows10-2004-x64

3

SatUp-Here...eg.dll

windows10-2004-x64

1

SatUp-Here/NAudio.dll

windows7-x64

1

SatUp-Here/NAudio.dll

windows10-2004-x64

1

SatUp-Here...se.dll

windows7-x64

3

SatUp-Here...se.dll

windows10-2004-x64

3

SatUp-Here...ce.exe

windows7-x64

SatUp-Here...ce.exe

windows10-2004-x64

SatUp-Here/Set-up.exe

windows7-x64

10

SatUp-Here/Set-up.exe

windows10-2004-x64

10

SatUp-Here...nt.dll

windows7-x64

3

SatUp-Here...nt.dll

windows10-2004-x64

3

SatUp-Here...on.dll

windows7-x64

3

SatUp-Here...on.dll

windows10-2004-x64

3

SatUp-Here/WebUI.dll

windows7-x64

3

SatUp-Here/WebUI.dll

windows10-2004-x64

3

SatUp-Here/config.exe

windows7-x64

1

SatUp-Here/config.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    #Pa$$w0𝑅D-3517__Sat-Up@!.zip

  • Size

    24.3MB

  • Sample

    241128-dmktbssnhw

  • MD5

    90fba55a5c4b01904f5a2bdab89386dc

  • SHA1

    caa620c8e8515435b7b8ce06fa428b779f176041

  • SHA256

    7580aa09c3759027ea913e5f76a3de6804973f36fadd396eba6133844b772032

  • SHA512

    a5de64c7d63dd8b415ee025b8226af6873260477010d68e40dc8f20cea132b89ef1ac0c9c995b17a05a3e5fafac1c37e6cb3358f0da888fea63014e2322de564

  • SSDEEP

    393216:ZxsdRYI7I7KwZyLF6OLIcHl6YXkNu2AmOdOo9FTd3lR0Xjri3Lcz8A6Ht1:TyIWYA1blfGFA1/rVM3i3E8D1

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://winterchill.shop/api

Extracted

Family

lumma

C2

https://winterchill.shop/api

Targets

    • Target

      SatUp-Here/Data/Updater.ex

    • Size

      414KB

    • MD5

      a341d9bfaae6a784cb9e2ea49c183fb4

    • SHA1

      d061c12dffa6a725f649dae49c99f157e93bb175

    • SHA256

      52416bb8275988aa5145be6359b6c6a92e3c20817544682c2c1978b50ff2052c

    • SHA512

      9dff4ba2abf889c9f9e71da1f91abdde1742a542b53e8c289e011113e1bcb86d4b1aaf5e7aadf97aa5ed36ab50227295e27ce700d30524f7198fd8f3928c36a2

    • SSDEEP

      3072:bebeJQsqiaJnFdHfQoB9bls1YxRz5QZ1y+ymaQfA30KQBhYJXv4M4Mz07ROZH1pH:jh+nf4+tG/vyohq4M4M4gl7T

    Score
    1/10
    behavioral1behavioral2

    • Target

      SatUp-Here/Data/d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      b37cc24fcfdcca9dead17a498e66db9c

    • SHA1

      c959ab27ce476dcb0c7312c30c613fe3307bb877

    • SHA256

      9f5b1ad41183ba50896eb09be917b1382980224e212a97080d33c0bf3dee40dd

    • SHA512

      e62e1b985939688aa2eb920f5cfa50377934a8256d7aaa8a1def705de1d47e5cd15515d043622553bbe512469f5c2ed05a7bdedd4f5d17e99109274f9bffe95c

    • SSDEEP

      49152:+CZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRNZ:tG2QCwmHjnog/pzHAo/Ay

    Score
    1/10
    behavioral3

    • Target

      SatUp-Here/Data/devtools_resources.pak

    • Size

      5.9MB

    • MD5

      731a70d555b49a74607efa43d407948f

    • SHA1

      01b9d0cf34eab6d171a819c0a6a694b8b499702e

    • SHA256

      94b15729530fcf90d11156d38ffd0152ace21182ee44e63c51dc5e2af25345d2

    • SHA512

      4d8eb837ba3ff475f42d72df0375ca4cc0ca18b4e3702ff39e910d67686afb81234c457c61bdd36c8927ff73695bb19017423cda2787242273e0baa398ddabb0

    • SSDEEP

      49152:sLFPZAKkA/koZdvvVqdkTZdvvVqwkF/yWzmJUTvU8ZaTG2os1y3JkkaXSqDJMuXR:WLwW

    Score
    3/10
    execution
    behavioral4behavioral5

    • Target

      SatUp-Here/Data/ffmpeg.dll

    • Size

      2.6MB

    • MD5

      449bf7a46490fa07881d969b6d52c0f1

    • SHA1

      e520a8318e867c7840e6deadef36abcdf2894417

    • SHA256

      5883d041c5f5020ac4b66314d5f89cb6331db3c4ec1c912f72b3ebb9aa8c41e2

    • SHA512

      eabaa33b037ba9f1ee874c534d85ad281985e85e1dd2c115a2693f56381a9a596f22b16938916fd34804a3d490cd0ac53a2969c5f73a923b163c5474fea91b91

    • SSDEEP

      49152:ImBYJtMTl/GuTvOCnCaYXWRTDF8fLen6yfZ0rO43PSGgt2:9OC9YXeTDFWD5PZ

    Score
    1/10
    behavioral6

    • Target

      SatUp-Here/NAudio.dll

    • Size

      507KB

    • MD5

      65839a5c28a0dee380c4eba54e2d941f

    • SHA1

      ac609ea7f86fe533820b801cfe40b22f8a7a3f1b

    • SHA256

      c7a4c035d89716b027f69c2cc98eaf5c44fb15b08c2ea162d793466356a35a2a

    • SHA512

      e6853ff5d10d11b5333f0697dcb660a042ebeae12eebc84427d0b9f896cf100258e7e6d18f531aae700c0f476f91f11da0272e7809728df68da80ee560136aeb

    • SSDEEP

      12288:rnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6CU:78lrT+r5ADakP4i9gsc

    Score
    1/10
    behavioral7behavioral8

    • Target

      SatUp-Here/RcClientBase.dll

    • Size

      29KB

    • MD5

      f0739e1db958fde4dc6bab9d75865191

    • SHA1

      fedadbf79b594995e6c44108d6b25cdbbf05eb65

    • SHA256

      27faac58c4edc8fb147c9947fc9567afd2f785b11252c2963788fd0f64f7ca42

    • SHA512

      adbf2a0b42c6043ee5c984c02fcc8815b143117fa2ee0286b048f9e90d695f74f0129240e1de36dea2915f1e3d31359953095e6e5497337d01f0004d443aad10

    • SSDEEP

      384:37VPSe+T3KkTRIjjzi3WbR1zQnSyGUvXU7Ex3dVOSRZYNyb8E9VF6IYinAM+oaua:37VPSFTamMRbzCfzZQEpYinAMxJH4

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      SatUp-Here/Resource.ct

    • Size

      3.0MB

    • MD5

      cf83372ce8462708f58817b1560e7006

    • SHA1

      6484fdc351661e0ec40ff6d8ef2d9c1df2b05f1a

    • SHA256

      37a5a53b7d95439b05b5e4f394de8b931a500f6df97aaf1a82cb8a66c11478f2

    • SHA512

      d4d24cfe4819343a98d2c83f62b456e922ff88215015d6a76d230d4034b68afbef45e3fad2b92b6d2dbfc2772b65c0bb91545b61bd0231c8a75c03a4146352d6

    • SSDEEP

      49152:KQ96YdG5LJ3Z3k0jbdHMsChIiv1o/spNM:FqBkMGsCJe

    Score
    1/10
    behavioral11behavioral12

    • Target

      SatUp-Here/Set-up.exe

    • Size

      1.8MB

    • MD5

      098ac4621ee0e855e0710710736c2955

    • SHA1

      ce7b88657c3449d5d05591314aaa43bd3e32bdaa

    • SHA256

      46afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f

    • SHA512

      3042785b81bd18b641f0a2b5d8aec8ef86f9bf1269421fb96d1db35a913e744eaff16d9da7a02c8001435d59befb9f26bc0bbfa6e794811abf4282ed68b185fe

    • SSDEEP

      49152:GpjwrP6yVgBd39sUUzFti4aTotmIT3SxLmNKbx:GpjwrP6yKTOUmi4aTo1NK9

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral13behavioral14

    • Target

      SatUp-Here/UpdateClient.dll

    • Size

      64KB

    • MD5

      760f24f0150a6e8dc15ac793c3172387

    • SHA1

      920d5aafb4b460efc37b99564bd281e63c7eb647

    • SHA256

      e113f8593244c1bb5bcc73fef0f93303c783714162cbd9ef93ddff5709c037ce

    • SHA512

      e5251075164f9cdb154b0b5bf7b775c9720b0744d004b68ce6501a980342f45398505bc26f7cca982bd23a03609b3c78510a5778a93041e7614e17b369a7209f

    • SSDEEP

      1536:DyvHa8En7WFlzobIrmKD8owRaggg5TIcO3YDmj7Hx4:DyvHa8EnKFqKD8aK0jj6

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      SatUp-Here/UpdateCommon.dll

    • Size

      143KB

    • MD5

      985f25c1d3144f37f046bc8f3e2b0c83

    • SHA1

      c0b551c51317891d8220ab5a634c15acf8223e88

    • SHA256

      3f71fa4c64376e85486b22de926f61c3e3cde3de6c1d484e041f265534ccd623

    • SHA512

      b0db2c878948922243cc80ab015a954b11c5e08fce7dbe767722bc5082b150f277690acf9da1c657837e7a66059cafa7ba76c3695bba51b44467979f5a9c053b

    • SSDEEP

      3072:8zWwFkpFMOKq9hC3ZWU+Oq1hZ+fVztxQ0rzc0to734o:s/zq9huqrZ+dbQIz1o

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      SatUp-Here/WebUI.dll

    • Size

      15.6MB

    • MD5

      cdf6f41dd30c6024085b4d16ac265797

    • SHA1

      befc48b8bf7fe9e005190ac242835acda96efa68

    • SHA256

      2326376afbfacb1d8067bb924cb5e9588b4bcfcb1f11c3c555cf1272c0307e76

    • SHA512

      deefac51048876fb38f5b49eee7235b958c86722dd8f39697340e64d091f2a94b7381ca557add09a90713b7dfc5989a12c6a77d6ee382265bb01433078ce3f4c

    • SSDEEP

      393216:M7iGI7QAXlJttE3Htpo/Jql2h1/uo95x9iswje8BNcKZ67:CF5A3MfoCYmSiegcK8

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      SatUp-Here/config.prx

    • Size

      364KB

    • MD5

      14934caca84d5fe0288f27efb31dcbf8

    • SHA1

      98c8c659488a5782679112e0ffb089422a664ac5

    • SHA256

      7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

    • SHA512

      9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a

    • SSDEEP

      3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY

    Score
    3/10
    discovery
    behavioral21behavioral22

MITRE ATT&CK Enterprise v15

Tasks