Extracted

• • Target

    file.exe

  • Size

    206KB

  • MD5

    5faa2b876a4611a0d98bee88837a27e4

  • SHA1

    a2128337201401530b59f9b74cd9da8cf404e885

  • SHA256

    1993b5e334b250a082cb4a3b9d67b41512ede29fd0ca80c39546dccfb0d3b2e5

  • SHA512

    838bfe511cd7f436e04308bc8e547c779b12ce25559ab07d2ba6007d0bcb0ed0acf043faca3944609b514d947b7e972d23b9573366a89a9b6dcc3639138bbcda

  • SSDEEP

    3072:RXtFNcpIaxD5votqrI4fzTojg0L1f0Np7QJSysCAebi:1mVUg8AIL1fmcJSw

  Score

  10^/10

  smokeloaderbackdoortrojanlummacollectiondiscoverypersistencespywarestealer

  • Detects Smokeloader packer

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Sets DLL path for service in the registry

    persistence

  • Sets service image path in registry

    persistence

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2