lumma | 6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
Size

210KB
Sample

230115-3war6aea56
MD5

6a0c02d75b060ef9fee6cb9c6d6d2a7d
SHA1

686f49a408d80ef700393a2ccf523c1a7223f1b4
SHA256

6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
SHA512

cc1513c8f17bfa152a036be33e1cfeca00dfc6af297c793463e8160af65e242f7b8998ea0ee1947cecf75f82b50930da02395ffa6a0cbdc61ff5c652c8ecdaca
SSDEEP

3072:PYXWECROUQJd5/oOe7Q3hC8CnOjuzncezcX69i:PstUQnekEnXzbzcq

Score

10^/10

lumma smokeloader backdoor collection discovery persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e.exe

Resource

win10v2004-20221111-en

lumma smokeloader backdoor collection discovery persistence spyware stealer trojan

windows10-2004-x64

31 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
- Size
  
  210KB
- MD5
  
  6a0c02d75b060ef9fee6cb9c6d6d2a7d
- SHA1
  
  686f49a408d80ef700393a2ccf523c1a7223f1b4
- SHA256
  
  6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
- SHA512
  
  cc1513c8f17bfa152a036be33e1cfeca00dfc6af297c793463e8160af65e242f7b8998ea0ee1947cecf75f82b50930da02395ffa6a0cbdc61ff5c652c8ecdaca
- SSDEEP
  
  3072:PYXWECROUQJd5/oOe7Q3hC8CnOjuzncezcX69i:PstUQnekEnXzbzcq
Score

10^/10

lumma smokeloader backdoor collection discovery persistence spyware stealer trojan
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummasmokeloaderbackdoorcollectiondiscoverypersistencespywarestealertrojan

© 2018-2024

Terms | Privacy