Extracted

• • Target

    file.exe

  • Size

    207KB

  • MD5

    1caa61fad5dbad497a768ea327d6397a

  • SHA1

    3c25b8542d283bb76d798db53bd3dbcf32d972dd

  • SHA256

    d7823d7fdba8453f0057f64a60b646517bf46f9c2bfb1db2477b40b920d37460

  • SHA512

    31bb93402fa6b940b9e46de9f177e147e0cb15e42fb74e65a158143053ae1d738fb66a25b6a211c42205491d204e134c5ff5533f0a46c2e691cff09037f7c069

  • SSDEEP

    3072:PX+3ZdRAX43Fzgo5t41LEc5MJg6nvOM8fw6+NlN1x5qH2apb:/mRAX4BgL1Bag6nGMC+NlN+jp

  Score

  10^/10

  smokeloaderbackdoortrojanlummacollectiondiscoverypersistencespywarestealer

  • Detects Smokeloader packer

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Sets DLL path for service in the registry

    persistence

  • Sets service image path in registry

    persistence

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2