Overview

overview

10

Static

static

3

maizu hack v1.4.rar

windows10-1703-x64

3

maizu hack...me.txt

windows10-1703-x64

1

maizu hack...er.dll

windows10-1703-x64

1

maizu hack...fg.dll

windows10-1703-x64

1

maizu hack...im.dll

windows10-1703-x64

1

maizu hack...er.dll

windows10-1703-x64

1

maizu hack...ng.dll

windows10-1703-x64

1

maizu hack...2p.dll

windows10-1703-x64

1

maizu hack...nd.dat

windows10-1703-x64

3

maizu hack...in.dfb

windows10-1703-x64

10

maizu hack....4.exe

windows10-1703-x64

10

maizu hack...br.dfb

windows10-1703-x64

3

maizu hack...er.dll

windows10-1703-x64

1

maizu hack...on.dll

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    maizu hack v1.4.rar

  • Size

    403KB

  • Sample

    240701-qk8tlaxckm

  • MD5

    45768dbe40703c4545fc0c1a0f431019

  • SHA1

    68c53d26c48f31bd61042f8b7071c5bb6b78b0da

  • SHA256

    cb1bcf331721008e6dd6b46cd0f1880612374d54403836f43f264f924789e610

  • SHA512

    c984cc4032e0d276d63a34bc03563f422ca3e258a72a9d734304662b268577af873b33f5bfdc3f8a7e2e34ddd391c99a436a865842b502a9649a141242355a4a

  • SSDEEP

    12288:GJwSrUZSQmEyLvIg8eoCrOT70Xr1w4pLZgeOTn+:GWeUZSQZCXo7wXrmSLmDa

Score
10/10
lummadiscoverypersistenceprivilege_escalationstealer

Malware Config

Extracted

Family

lumma

C2

https://piedsiggnycliquieaw.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Target

      maizu hack v1.4.rar

    • Size

      403KB

    • MD5

      45768dbe40703c4545fc0c1a0f431019

    • SHA1

      68c53d26c48f31bd61042f8b7071c5bb6b78b0da

    • SHA256

      cb1bcf331721008e6dd6b46cd0f1880612374d54403836f43f264f924789e610

    • SHA512

      c984cc4032e0d276d63a34bc03563f422ca3e258a72a9d734304662b268577af873b33f5bfdc3f8a7e2e34ddd391c99a436a865842b502a9649a141242355a4a

    • SSDEEP

      12288:GJwSrUZSQmEyLvIg8eoCrOT70Xr1w4pLZgeOTn+:GWeUZSQZCXo7wXrmSLmDa

    Score
    3/10
    behavioral1

    • Target

      maizu hack v1.4/Read me.txt

    • Size

      171B

    • MD5

      50f5f8213d683d87ef0f2b518f1f3441

    • SHA1

      1f2314548a89fc9d730f309c29f2a8c4a71c6b5e

    • SHA256

      6e801521644c758a9c8c4e7834f5925d25f28cb1c94285c99163200d6627c37c

    • SHA512

      98163d2392ad1a3c72d1df4ff9b2bc47ad4f5fbf10f784722e3149854a4977e8f26b99ef7ebd55290604d50ce362284f30416c959e214f5601a886d3adc6891b

    Score
    1/10
    behavioral2

    • Target

      maizu hack v1.4/app/apper.dll

    • Size

      84KB

    • MD5

      ed0e1f5710b2bf5b3ca3136cd308cc23

    • SHA1

      da966bf237ac052116366eb0616fae2cf36fee18

    • SHA256

      57b5197e11101c2e06bdd86d238fbb6c8a3ea565591ca9648200c3ee3a03dbc2

    • SHA512

      6b1274f6300074a8b765f16b54947aded0fc1bff4e6feb798ff17977f9149bff25f7e63f8cd2a1ad793b01d1345a9ba054c5e578b6dbdc9b30ab95439fdf412c

    • SSDEEP

      3:H:H

    Score
    1/10
    behavioral3

    • Target

      maizu hack v1.4/cfg.dll

    • Size

      118KB

    • MD5

      dfeaa87a10db2d555593e92f295f5a25

    • SHA1

      67e42c9b61e56e33fc6d7ab94ca921860628819e

    • SHA256

      36cc45bfe3b63ea42af564dd2c221219f7fb2e3f3ce93ca8cba3a53539bceb0f

    • SHA512

      891002e2a94dce513706709dad5e78419f3205cc8e102b048ed4d405a84fa5c211711a0b9cc311cc69f6602681dd7da8ac3cc1760828c374b06d51e203872062

    • SSDEEP

      3:H:H

    Score
    1/10
    behavioral4

    • Target

      maizu hack v1.4/data/aim.dll

    • Size

      594KB

    • MD5

      34d2ae40522c8aca067172f3108d4bac

    • SHA1

      0632a56c3d0fa2b6d46ec689c83c8a7465099012

    • SHA256

      0416210832c265bd2bad1319c65478194ec64789a7587cb35b51d1b4869586ed

    • SHA512

      372639c3c4532b83d11988b6bc58f81e3a90b1dfd8da98f400e620fe9fe4eb8f2c7c2e3dc91708cd615b82e35374665c3601190091f4a597a553d5613b0f20ac

    • SSDEEP

      3:H:H

    Score
    1/10
    behavioral5

    • Target

      maizu hack v1.4/data/fover.dll

    • Size

      67KB

    • MD5

      decaca5914d4409681c179f0f2a314f3

    • SHA1

      2a446b3ac2b9c8ec1b53da9a1a45197052a11602

    • SHA256

      4d32733ccac8b13505472b3b107e5fcd313d8e192433997dfd5f33548d4245b7

    • SHA512

      baa51713b9fedd13d2b02f139cdf656bd1ba3a7fffd320f75b3e2b98ca6bdf114c6bfa7fc01b59c79a7603db0906a7d8a520b79092d3e51e6b22626be6130986

    • SSDEEP

      3:n:n

    Score
    1/10
    behavioral6

    • Target

      maizu hack v1.4/data/setting.dll

    • Size

      135KB

    • MD5

      55b437f743590610be2a2501cf2c1582

    • SHA1

      41b7e82ab633aa3e8ae7dfbad1e716d730a08a93

    • SHA256

      d75c63c3cd03ee4000fe06115b4f03d60d18e075a29ff455ea6ce2c0a6add84f

    • SHA512

      c11d58d2b9a469d2a0203808cb731bf4b1c6c3052a4d308ca0f9a1148c53d7daeba0dd761408880c0bffc82cecb2a83b8097d42faab1816819dde1d049fcae85

    • SSDEEP

      3:n:n

    Score
    1/10
    behavioral7

    • Target

      maizu hack v1.4/data/vkfow2p.dll

    • Size

      118KB

    • MD5

      dfeaa87a10db2d555593e92f295f5a25

    • SHA1

      67e42c9b61e56e33fc6d7ab94ca921860628819e

    • SHA256

      36cc45bfe3b63ea42af564dd2c221219f7fb2e3f3ce93ca8cba3a53539bceb0f

    • SHA512

      891002e2a94dce513706709dad5e78419f3205cc8e102b048ed4d405a84fa5c211711a0b9cc311cc69f6602681dd7da8ac3cc1760828c374b06d51e203872062

    • SSDEEP

      3:H:H

    Score
    1/10
    behavioral8

    • Target

      maizu hack v1.4/dimaind.dat

    • Size

      509KB

    • MD5

      1040f641d8dd01f38ee4888772506c2a

    • SHA1

      46e63895e37a82147bfc01147d04b6effc450e6f

    • SHA256

      51cb1292c9198346c8f943b5787d57502b8a580bc20b1de9a425970abb02a7c5

    • SHA512

      87bbd4b3691ef928c80580e3ba9468f8bb7e4375e4f2e08dfdb3472be0a2d9b8726e38cc46a08194ef8c2ed883a4172bc495a7f134631df11098a2e59f17b4d1

    • SSDEEP

      3:n:n

    Score
    3/10
    behavioral9

    • Target

      maizu hack v1.4/main.dfb

    • Size

      152KB

    • MD5

      20b8e57e778d8c1b65a9f965b5b7050c

    • SHA1

      4dc958b8e8e1e95cea82beac1afe2f91b88f835d

    • SHA256

      99e7ffdb58bfbdb05b3f326655029cacb932809567b01392c63dc3d6d50fa50f

    • SHA512

      b081b0c1ae9ef62fa3e37ee3900da84c7a0d81945cf8a7e81087999391f9366b07a46227008096e226e1800553afce5675f7ed8f72ad505324035be03da2091c

    • SSDEEP

      3:H:H

    Score
    10/10
    lummadiscoverypersistenceprivilege_escalationstealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral10

    • Target

      maizu hack v1.4/maizu hack v1.4.exe

    • Size

      507KB

    • MD5

      5241cbe1ca5ad91d9701dcd3e86d0be4

    • SHA1

      42e2343018e6f26747f21310e1498a0b7558cee7

    • SHA256

      18b8ddccfd60b09d5e7148f3a5ce61c61d37da4de9e4206ad28155ad92d70a5d

    • SHA512

      208b7e3efce893a7a766d03f5185f065e0067b100ec5917fe9a3030906ce0740669d95ad2a128cdecf7cd70051cd04e1befa1fec5ce855a6a016016ae25950e1

    • SSDEEP

      12288:1+0NNkaifVNXUYLnft4Com2511gYTqKoGlGnzc:17yaCTXU+t4CoP5FTxoG

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Suspicious use of SetThreadContext

    behavioral11

    • Target

      maizu hack v1.4/sociebr.dfb

    • Size

      84KB

    • MD5

      ed0e1f5710b2bf5b3ca3136cd308cc23

    • SHA1

      da966bf237ac052116366eb0616fae2cf36fee18

    • SHA256

      57b5197e11101c2e06bdd86d238fbb6c8a3ea565591ca9648200c3ee3a03dbc2

    • SHA512

      6b1274f6300074a8b765f16b54947aded0fc1bff4e6feb798ff17977f9149bff25f7e63f8cd2a1ad793b01d1345a9ba054c5e578b6dbdc9b30ab95439fdf412c

    • SSDEEP

      3:H:H

    Score
    3/10
    behavioral12

    • Target

      maizu hack v1.4/updater.dll

    • Size

      67KB

    • MD5

      decaca5914d4409681c179f0f2a314f3

    • SHA1

      2a446b3ac2b9c8ec1b53da9a1a45197052a11602

    • SHA256

      4d32733ccac8b13505472b3b107e5fcd313d8e192433997dfd5f33548d4245b7

    • SHA512

      baa51713b9fedd13d2b02f139cdf656bd1ba3a7fffd320f75b3e2b98ca6bdf114c6bfa7fc01b59c79a7603db0906a7d8a520b79092d3e51e6b22626be6130986

    • SSDEEP

      3:n:n

    Score
    1/10
    behavioral13

    • Target

      maizu hack v1.4/version.dll

    • Size

      203KB

    • MD5

      a5b8f7deff0734c7e985d2a756b22ff8

    • SHA1

      656f8fe90c2d59942171f1e081827b3d038c1414

    • SHA256

      9d86f442f65c177cf2a6e659c974ce81e16acaa2663c378c6c6052da8e9c3e6a

    • SHA512

      404aa5fd2c6823fe71ff0c2b6dc341b64772b936645e69a805e67a4217f3fe1d73b398eae445f2e7745324f4ae6f23707f5258027fbe1ceb98947b59c44897f0

    • SSDEEP

      3:n:n

    Score
    1/10
    behavioral14

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

8
T1082

Query Registry

7
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks