General
Target: 07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee
Size: 210KB
Sample: 230115-vayyvsda7x
MD5: caddf40996583dd2cc12824f789a8a2e
SHA1: c175d5bc35b9501e0bf3bc33fd71adeafa6130e3
SHA256: 07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee
SHA512: e4b333726fbec0e13409d5c84ea046e28d9e0ad739d629a379f2f8d712c88ede93cf20e0e4bb6fa6adb1010e51230e1b962af2faf6dc63c8a95944fb26e3fb43
SSDEEP: 3072:3XGXGA/mxa58MBGutVAZfFfWzghUBEW8e2WojOSNKYsi:nFY8utVe1WzghUBD8e2W4H
Static task: static1
Behavioral task: behavioral1
Sample: 07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: lumma
77.73.134.68
Targets
Target: 07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee
Size: 210KB
MD5: caddf40996583dd2cc12824f789a8a2e
SHA1: c175d5bc35b9501e0bf3bc33fd71adeafa6130e3
SHA256: 07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee
SHA512: e4b333726fbec0e13409d5c84ea046e28d9e0ad739d629a379f2f8d712c88ede93cf20e0e4bb6fa6adb1010e51230e1b962af2faf6dc63c8a95944fb26e3fb43
SSDEEP: 3072:3XGXGA/mxa58MBGutVAZfFfWzghUBEW8e2WojOSNKYsi:nFY8utVe1WzghUBD8e2W4H
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext