lumma | 1ce27fdc5a5869835ceaef65c07fc5cf0165d373aa9cae89a5f713d7d704fc29 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

207KB
Sample

230115-gcv34aef4t
MD5

e61bd1023de1c935149a998c33ae9f37
SHA1

f06f36974c483508c0616b5de63aa70472358b14
SHA256

1ce27fdc5a5869835ceaef65c07fc5cf0165d373aa9cae89a5f713d7d704fc29
SHA512

81999880f516b3b6b2ff584e4e8ae4b70e33fe2fcfb0ac15b8f3397e88666e1985d0b62a5660a32c5f6718ef374fa338a92be961dbf586c2a10d3fc9f3d8f475
SSDEEP

3072:ZXNhbS3y+k+BFCJ5vGgdBmRVDb5Lk3O5+n/06Pwx7apb:9fgy+k+uzPMRVDb58u6Pzp

Score

10^/10

lumma smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20221111-en

lumma smokeloader backdoor spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  file.exe
- Size
  
  207KB
- MD5
  
  e61bd1023de1c935149a998c33ae9f37
- SHA1
  
  f06f36974c483508c0616b5de63aa70472358b14
- SHA256
  
  1ce27fdc5a5869835ceaef65c07fc5cf0165d373aa9cae89a5f713d7d704fc29
- SHA512
  
  81999880f516b3b6b2ff584e4e8ae4b70e33fe2fcfb0ac15b8f3397e88666e1985d0b62a5660a32c5f6718ef374fa338a92be961dbf586c2a10d3fc9f3d8f475
- SSDEEP
  
  3072:ZXNhbS3y+k+BFCJ5vGgdBmRVDb5Lk3O5+n/06Pwx7apb:9fgy+k+uzPMRVDb58u6Pzp
Score

10^/10

smokeloader backdoor trojan lumma spyware stealer
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

lummasmokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy