lumma | 482f9a21893127c2bf7477236533dc2db007ad1eb1fe6cc9ae7135bc71742abd | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

482f9a21893127c2bf7477236533dc2db007ad1eb1fe6cc9ae7135bc71742abd
Size

207KB
Sample

230115-rys6qsga48
MD5

3a61ec110bb167c8e3a0cac282c1d3e7
SHA1

888b06642f643b8b36c5db2b4cda28a17f6affaa
SHA256

482f9a21893127c2bf7477236533dc2db007ad1eb1fe6cc9ae7135bc71742abd
SHA512

5176bb10cf36e018689f030514cf7180a5ca74c8b63ed12037896813ea4267987f062c825c68d0b0b11aa6e3702ab627c528bf34292f0d19d3a5b572c93bd679
SSDEEP

3072:XXtTlv1Y3V7I50QVzPRSRC1VvTdnUx3cOfg6o5W/i:Hj12uVOGvTNUxmI

Score

10^/10

lumma smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

482f9a21893127c2bf7477236533dc2db007ad1eb1fe6cc9ae7135bc71742abd.exe

Resource

win10v2004-20221111-en

lumma smokeloader backdoor spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  482f9a21893127c2bf7477236533dc2db007ad1eb1fe6cc9ae7135bc71742abd
- Size
  
  207KB
- MD5
  
  3a61ec110bb167c8e3a0cac282c1d3e7
- SHA1
  
  888b06642f643b8b36c5db2b4cda28a17f6affaa
- SHA256
  
  482f9a21893127c2bf7477236533dc2db007ad1eb1fe6cc9ae7135bc71742abd
- SHA512
  
  5176bb10cf36e018689f030514cf7180a5ca74c8b63ed12037896813ea4267987f062c825c68d0b0b11aa6e3702ab627c528bf34292f0d19d3a5b572c93bd679
- SSDEEP
  
  3072:XXtTlv1Y3V7I50QVzPRSRC1VvTdnUx3cOfg6o5W/i:Hj12uVOGvTNUxmI
Score

10^/10

lumma smokeloader backdoor spyware stealer trojan
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummasmokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy