General
Target: 6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
Size: 210KB
Sample: 230115-3war6aea56
MD5: 6a0c02d75b060ef9fee6cb9c6d6d2a7d
SHA1: 686f49a408d80ef700393a2ccf523c1a7223f1b4
SHA256: 6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
SHA512: cc1513c8f17bfa152a036be33e1cfeca00dfc6af297c793463e8160af65e242f7b8998ea0ee1947cecf75f82b50930da02395ffa6a0cbdc61ff5c652c8ecdaca
SSDEEP: 3072:PYXWECROUQJd5/oOe7Q3hC8CnOjuzncezcX69i:PstUQnekEnXzbzcq
Static task: static1
Behavioral task: behavioral1
Sample: 6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: lumma
77.73.134.68
Targets
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext