General
-
Target
e8f1504422844d1c6110aad3c029c3df60bf97df548123b73bfd8fff1cdeb096
-
Size
207KB
-
Sample
230115-k8n67sgf6z
-
MD5
7b1395e32128a0680e1ba94da8e0c8fa
-
SHA1
df4ec062db84aeb1034ea7a371c26b35d06c473d
-
SHA256
e8f1504422844d1c6110aad3c029c3df60bf97df548123b73bfd8fff1cdeb096
-
SHA512
a901513260a867bf4fdcbc62f9bfb32aeabd50e886d5be839c93c0058a8ff0266ca27dd579a63030a299fe77467549512e6673f25bd62171a9025a3ab1c3ce98
-
SSDEEP
3072:xXNN7tSt+BVSD5vL4yRvjUzZvAmYAXOhFxv+tiSQRzm0bNHi:VtSyMoh5wQfjM
Malware Config
Extracted
lumma
77.73.134.68
Targets
-
-
Target
e8f1504422844d1c6110aad3c029c3df60bf97df548123b73bfd8fff1cdeb096
-
Size
207KB
-
MD5
7b1395e32128a0680e1ba94da8e0c8fa
-
SHA1
df4ec062db84aeb1034ea7a371c26b35d06c473d
-
SHA256
e8f1504422844d1c6110aad3c029c3df60bf97df548123b73bfd8fff1cdeb096
-
SHA512
a901513260a867bf4fdcbc62f9bfb32aeabd50e886d5be839c93c0058a8ff0266ca27dd579a63030a299fe77467549512e6673f25bd62171a9025a3ab1c3ce98
-
SSDEEP
3072:xXNN7tSt+BVSD5vL4yRvjUzZvAmYAXOhFxv+tiSQRzm0bNHi:VtSyMoh5wQfjM
Score10/10-
Detects Smokeloader packer
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-