General

  • Target: eb69150e0f3bfc15abea38fdf4df95cf.bin
  • Size: 10.5MB
  • Sample: 240624-d49h1szcmq
  • MD5: 48e42ee92c05a5b3930796b974043797
  • SHA1: 9b84477525963ad43ca1138945b94fd27685f947
  • SHA256: b5f9935e0615cfe328feb5a737d7691dd96b202731e0845bdd3226e64ad96123
  • SHA512: 20fae7f2d95703fda588921398a433af50167b42e892dc64ac4fb815e2d1fdfc0b5f7b0eb25cc0e5436384aad0d38b88a6bcc168373b8cffcfd36ba1faeb1ba3
  • SSDEEP: 196608:wWFr8VV/0MsUPg1HmDKEhkABVCmhdqMHpe1ArDKEq1ZSRO/dK90QLabt1o5zgW:Vr8VV/0/UPKHs9hkzmhdVpycDKJ1ZIPj

Malware Config

Extracted

  • Family: lumma

C2

Targets

    • Target: omgsoft.exe
    • Size: 10.7MB
    • MD5: 895531f9d849155e054903e7cc466888
    • SHA1: 4271c3690af27765533a3f1eb30a40d5aebf90bc
    • SHA256: e60d911f2ef120ed782449f1136c23ddf0c1c81f7479c5ce31ed6dcea6f6adf9
    • SHA512: 4c72b3d45291da1eb8290f7c6ad89c71d64e48f0e717126f8729efe683558c43439091e444cc0a7f9df09a90241cebabd09153b9578f5c0e79b2ed537cd68674
    • SSDEEP: 196608:62VEhlCTPpx5v1i7qwDzfAPlqBtC1m4AVEhlCTPpx5v1i7qwDzfAPlqBtC1I:66Ehq1sqwHOld0Ehq1sqwHOldI

    Score: 10/10
    • Lumma Stealer: An infostealer written in C++ first seen in August 2022.

    • Target: $PLUGINSDIR/JsisPlugins.dll
    • Size: 2.1MB
    • MD5: a1336353c555c6fd1832a97ee2268579
    • SHA1: 203b705ef26e1685f2c1613ffa783c1186d64fc6
    • SHA256: 6a6f53c6fcb1f7cd2506c16f318180b748c52f59fb738f2abbebcfe9bf71238d
    • SHA512: cdab5cdbe7b26de36b379cc71dfaba16004d76ae6d763dd0a86ecd7e57c756d9d8e3610d93edee400fb02b28421b2fdc1047e9b2e3b290e175bd4910e789e27a
    • SSDEEP: 49152:XWUF3+DvlxaVlUj2UxF9TWkWbQWxACvRG+OZ1m/I31he2UaIyuK:XtF3+DLaVlUFWkWbQWx1JtOLm/IgaI

    Score: 3/10

    • Target: $PLUGINSDIR/Midex.dll
    • Size: 126KB
    • MD5: 8d2c955338825cee8a50a8637c02a82d
    • SHA1: 7ec598efdaaf3d382c496adb2c4fa26218a17350
    • SHA256: 4b861cd1b8b47bff1769e63e2b15a1b4ae9ca0dc4d5a3013fb3afc66a1789b76
    • SHA512: fa2cd1ceeb9a1a3ef83677b7221b263b0303f4cafe3c58f8ef0b56f7b4966c7eb69de0e83db298ee382cd16a44e3cb2fca29893b44517962bcb489c2736745d1
    • SSDEEP: 3072:xACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGU:xACUTz1JlopG5K4OZgeC

    Score: 6/10
    • Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target: $PLUGINSDIR/jsis.dll
    • Size: 127KB
    • MD5: 877523e8e5f8eac05f8a90d822b6ff23
    • SHA1: 412d780a501f2d158f3bcc82011f962e3e87ee1a
    • SHA256: bec5941a991669b2407a72607ecbfd45daf7d19d11b10d0c850f25a2f22f4486
    • SHA512: 872a7dce8044fdf4d4489ad55b0428769a1572a22590009074681fcd757432d3723437d421d601ea590452e41761b2691dd4520e184c8af99035644210ae8ef7
    • SSDEEP: 3072:93Zk9fOAewM0+W8NVH28fB948igEWo8P+fidY:93qNOApM1G8fBpidWZ

    Score: 3/10

    • Target: $PLUGINSDIR/nsJSON.dll
    • Size: 36KB
    • MD5: e42450cf5d36102a4ccf290d6a7d2364
    • SHA1: 94500c2fd8381cdf3e9997bb685ed3ce9024b3d1
    • SHA256: d3213fa6f49a39db335197eb0c53776a0670780d03859436075d6dac8e7314d0
    • SHA512: 851ebd3cd3479d1ed3e5b8142a0da92404b27972ec00c1ef748e8d3580da261c56543d345c5f06172b36c293aa28afe7d98a8f7aeb9f0361d1c86e498e21c7eb
    • SSDEEP: 768:91vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpuYiBAMxkE:91bYPHqu7EUhL27bTu7Jx

    Score: 3/10

    • Target: $_106_
    • Size: 6.1MB
    • MD5: 24df7efa5d08185fd080522229537c26
    • SHA1: da122637aff6822d5b80ca0e621fc61979908a44
    • SHA256: cb157b90adbd0990521d4a446f7a10f04162199a7a5d73aa859ce9f116ecf73f
    • SHA512: 77f07a22b794850cd30a4116ffc7d938ddab2b89a042d3e2c376091055a6d5700f77bc325cf29cdf9850c4dc42d002c4e957b450bb668668b1886fe64130f4e1
    • SSDEEP: 98304:sTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwLwKknK:sTvkTLVTAudcoJheBnknfFrqNeKc

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Pre-OS Boot (T1542): 1
  • Bootkit (T1542.003): 1

Defense Evasion

  • Pre-OS Boot (T1542): 1
  • Bootkit (T1542.003): 1
