General

  • Target

    1riageFiddlershit.zip

  • Size

    28.9MB

  • Sample

    250105-pe1elatnbv

  • MD5

    7dec47dd246b6a81c9f0992091ef2d03

  • SHA1

    c46e9addf83d24adeb036b8ed33a6dd13c024ede

  • SHA256

    28327d9e90781c714d6951c767b3fa88396048b81178e9b691ab8edef0e59cf7

  • SHA512

    2b2469a6535a311d8e3cc4fb4b0aac852b3e5a15306d3f53c83255867e61314ba1adb0a1ae2089160b61a48634d388efafda6813c8020b94e2046a57e68a2de6

  • SSDEEP

    786432:CBzytd5XjMdi0R6fu29sdi0R6fu2z+2UqeESHo4t/Isp:YzyRQRd2mRd2fMf

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

robot

C2

tcp://quasarrat12345-50279.portmap.host:50279

Mutex

5b3b6ef6-1f5c-4cf2-a902-f38fc18c6f74

Attributes
  • encryption_key

    044C06AD5B6394C7D3CCD0919FA2C67D30EA87D4

  • install_name

    SolaraV3.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Update

  • subdirectory

    SubDir

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

    • Target

      Qt5Concurrent.dll

    • Size

      128KB

    Score
    1/10
    • Target

      Qt5Core.dll

    • Size

      6.0MB

    Score
    1/10
    • Target

      Script.exe

    • Size

      374KB

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of SetThreadContext

    • Target

      bin/d3dcompiler_43.dll

    • Size

      2.0MB

    Score
    3/10
    • Target

      bin/libEGL.dll

    • Size

      90KB

    Score
    1/10
    • Target

      bin/libcrypto-1_1-x64.dll

    • Size

      3.3MB

    Score
    1/10
    • Target

      bin/tbb12.dll

    • Size

      374KB

    Score
    1/10
    • Target

      FiddlerSetup.5.0.20245.10105-latest.exe

    • Size

      4.4MB

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/FiddlerSetup.exe

    • Size

      4.4MB

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    Score
    3/10
    • Target

      Analytics.dll

    • Size

      32KB

    Score
    1/10
    • Target

      Be.Windows.Forms.HexBox.dll

    • Size

      60KB

    Score
    1/10
    • Target

      DotNetZip.dll

    • Size

      461KB

    Score
    1/10
    • Target

      EnableLoopback.exe

    • Size

      82KB

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      ExecAction.exe

    • Size

      19KB

    Score
    1/10
    • Target

      FSE2.exe

    • Size

      50KB

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

robot, quasar
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

lumma, discovery, stealer
Score
10/10

behavioral6

lumma, discovery, stealer
Score
10/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral16

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral17

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral18

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
7/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10