lumma | 0ce027e31427cff81bcbe28cd67c5d7c1478beea194829e4266fcc4d3ed6c5f1 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

0ce027e31427cff81bcbe28cd67c5d7c1478beea194829e4266fcc4d3ed6c5f1
Size

206KB
Sample

230115-nxdswaec38
MD5

a375317afc25dee89efc84c83a29f1ce
SHA1

6443bee1e629e9e3803c376a261a9399418f57bd
SHA256

0ce027e31427cff81bcbe28cd67c5d7c1478beea194829e4266fcc4d3ed6c5f1
SHA512

1ac036d91bdabd8e200f4f77dbbafe250c0b11c208c2833a1ecd6a8d2eae92b0183dfdf6fa142a9a2712ee7ba02c6446cfff32b694856033d17d67e387136d43
SSDEEP

3072:sXtnvcyAupAu5X+YLmxujtZtKQnoICqGsj5vU1Uvri:oGmpW6mxOztKqLj5vJv

Score

10^/10

lumma smokeloader backdoor discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0ce027e31427cff81bcbe28cd67c5d7c1478beea194829e4266fcc4d3ed6c5f1.exe

Resource

win10v2004-20221111-en

lumma smokeloader backdoor discovery persistence stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  0ce027e31427cff81bcbe28cd67c5d7c1478beea194829e4266fcc4d3ed6c5f1
- Size
  
  206KB
- MD5
  
  a375317afc25dee89efc84c83a29f1ce
- SHA1
  
  6443bee1e629e9e3803c376a261a9399418f57bd
- SHA256
  
  0ce027e31427cff81bcbe28cd67c5d7c1478beea194829e4266fcc4d3ed6c5f1
- SHA512
  
  1ac036d91bdabd8e200f4f77dbbafe250c0b11c208c2833a1ecd6a8d2eae92b0183dfdf6fa142a9a2712ee7ba02c6446cfff32b694856033d17d67e387136d43
- SSDEEP
  
  3072:sXtnvcyAupAu5X+YLmxujtZtKQnoICqGsj5vU1Uvri:oGmpW6mxOztKqLj5vJv
Score

10^/10

lumma smokeloader backdoor discovery persistence stealer trojan
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummasmokeloaderbackdoordiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy