Extracted

• • Target

    file.exe

  • Size

    210KB

  • MD5

    63f1cf4d473f59b211da781139c2602e

  • SHA1

    c584e03ce15d4505fd32acb742c2a380a87cbbd4

  • SHA256

    94cd01440758f627a06265285a8b50f0484d869d9ce4f6b904c0b9d37910b3a8

  • SHA512

    4dc999e5dde7d23531ed3e172c9a623da5d1e437587c6456ea5240099fbf23c4ee43b9af7e0f30cd39199984417853cc08e9ca9d655c48578edbe4dbd5497e69

  • SSDEEP

    3072:/XWPEBQS7Ha5yvF7+jn5/0rIApqj4/pdlFk1i:vp7YjN0rIApN

  Score

  10^/10

  smokeloaderbackdoortrojanlummacollectiondiscoverypersistencespywarestealer

  • Detects Smokeloader packer

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Sets DLL path for service in the registry

    persistence

  • Sets service image path in registry

    persistence

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2