Extracted

• • Target

    e8f1504422844d1c6110aad3c029c3df60bf97df548123b73bfd8fff1cdeb096

  • Size

    207KB

  • MD5

    7b1395e32128a0680e1ba94da8e0c8fa

  • SHA1

    df4ec062db84aeb1034ea7a371c26b35d06c473d

  • SHA256

    e8f1504422844d1c6110aad3c029c3df60bf97df548123b73bfd8fff1cdeb096

  • SHA512

    a901513260a867bf4fdcbc62f9bfb32aeabd50e886d5be839c93c0058a8ff0266ca27dd579a63030a299fe77467549512e6673f25bd62171a9025a3ab1c3ce98

  • SSDEEP

    3072:xXNN7tSt+BVSD5vL4yRvjUzZvAmYAXOhFxv+tiSQRzm0bNHi:VtSyMoh5wQfjM

  Score

  10^/10

  lummasmokeloaderbackdoorcollectiondiscoverypersistencespywarestealertrojan

  • Detects Smokeloader packer

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Sets DLL path for service in the registry

    persistence

  • Sets service image path in registry

    persistence

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1