lumma | f9566c89ded8993162f78d5e1d3cca6f70c3e94cb9084251c74306f60ef2cabf | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

f9566c89ded8993162f78d5e1d3cca6f70c3e94cb9084251c74306f60ef2cabf
Size

206KB
Sample

230114-zd66vsdd35
MD5

e5ca5c56f7b98c83b06c55aec38961d9
SHA1

ff8d1cc0be6b2fa24c08fa22db96589a62a64a9b
SHA256

f9566c89ded8993162f78d5e1d3cca6f70c3e94cb9084251c74306f60ef2cabf
SHA512

17ac3cfdfa2693cf12335385496ef4b7abddd557c2b620cb19eeeae8bff2e87e9b3a5de50a2b445986977c4b149c06bcd4ca379eeb99af90e4beaf8ce766b194
SSDEEP

3072:6XqXQobWkXZb1oz5VqffEuPd3EGgE2Yd/IdgBpIr9pxrW8Papb:av2xXwbmlKhgvIr0Dp

Score

10^/10

lumma smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f9566c89ded8993162f78d5e1d3cca6f70c3e94cb9084251c74306f60ef2cabf.exe

Resource

win10v2004-20221111-en

lumma smokeloader backdoor spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  f9566c89ded8993162f78d5e1d3cca6f70c3e94cb9084251c74306f60ef2cabf
- Size
  
  206KB
- MD5
  
  e5ca5c56f7b98c83b06c55aec38961d9
- SHA1
  
  ff8d1cc0be6b2fa24c08fa22db96589a62a64a9b
- SHA256
  
  f9566c89ded8993162f78d5e1d3cca6f70c3e94cb9084251c74306f60ef2cabf
- SHA512
  
  17ac3cfdfa2693cf12335385496ef4b7abddd557c2b620cb19eeeae8bff2e87e9b3a5de50a2b445986977c4b149c06bcd4ca379eeb99af90e4beaf8ce766b194
- SSDEEP
  
  3072:6XqXQobWkXZb1oz5VqffEuPd3EGgE2Yd/IdgBpIr9pxrW8Papb:av2xXwbmlKhgvIr0Dp
Score

10^/10

lumma smokeloader backdoor spyware stealer trojan
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummasmokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy