lumma | 07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee
Size

210KB
Sample

230115-vayyvsda7x
MD5

caddf40996583dd2cc12824f789a8a2e
SHA1

c175d5bc35b9501e0bf3bc33fd71adeafa6130e3
SHA256

07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee
SHA512

e4b333726fbec0e13409d5c84ea046e28d9e0ad739d629a379f2f8d712c88ede93cf20e0e4bb6fa6adb1010e51230e1b962af2faf6dc63c8a95944fb26e3fb43
SSDEEP

3072:3XGXGA/mxa58MBGutVAZfFfWzghUBEW8e2WojOSNKYsi:nFY8utVe1WzghUBD8e2W4H

Score

10^/10

lumma smokeloader backdoor collection discovery persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee.exe

Resource

win10v2004-20221111-en

lumma smokeloader backdoor collection discovery persistence spyware stealer trojan

windows10-2004-x64

31 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee
- Size
  
  210KB
- MD5
  
  caddf40996583dd2cc12824f789a8a2e
- SHA1
  
  c175d5bc35b9501e0bf3bc33fd71adeafa6130e3
- SHA256
  
  07c5c741a4699acffb1cabb19c3da0a236d110c11f4c8c037baaedb5bb33f7ee
- SHA512
  
  e4b333726fbec0e13409d5c84ea046e28d9e0ad739d629a379f2f8d712c88ede93cf20e0e4bb6fa6adb1010e51230e1b962af2faf6dc63c8a95944fb26e3fb43
- SSDEEP
  
  3072:3XGXGA/mxa58MBGutVAZfFfWzghUBEW8e2WojOSNKYsi:nFY8utVe1WzghUBD8e2W4H
Score

10^/10

lumma smokeloader backdoor collection discovery persistence spyware stealer trojan
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummasmokeloaderbackdoorcollectiondiscoverypersistencespywarestealertrojan

© 2018-2024

Terms | Privacy