lumma | 987fed2dae35dedc1c52230b9938c2a351164d84e8874c8314957812ad641bdb | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

987fed2dae35dedc1c52230b9938c2a351164d84e8874c8314957812ad641bdb
Size

211KB
Sample

230115-vskh7ahe73
MD5

02f3b25318b1cc3c6a24ad7a1738eede
SHA1

43182925664314e2fea57cc3daf719568385e6e0
SHA256

987fed2dae35dedc1c52230b9938c2a351164d84e8874c8314957812ad641bdb
SHA512

356f503151db78a98a2d309b1636693d71e814b3bd4c9ba3b4e6d8955ab6afede0e39c2517e9da03cd2047bdab046a4fdb5b49548f36a160030953e97f20e94c
SSDEEP

3072:CXjrZwbg56Ks5RIZEyS5VDnrqKxyeqLzy5mi:C6yZHSDnuKcn

Score

10^/10

lumma smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

987fed2dae35dedc1c52230b9938c2a351164d84e8874c8314957812ad641bdb.exe

Resource

win10-20220812-en

lumma smokeloader backdoor spyware stealer trojan

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  987fed2dae35dedc1c52230b9938c2a351164d84e8874c8314957812ad641bdb
- Size
  
  211KB
- MD5
  
  02f3b25318b1cc3c6a24ad7a1738eede
- SHA1
  
  43182925664314e2fea57cc3daf719568385e6e0
- SHA256
  
  987fed2dae35dedc1c52230b9938c2a351164d84e8874c8314957812ad641bdb
- SHA512
  
  356f503151db78a98a2d309b1636693d71e814b3bd4c9ba3b4e6d8955ab6afede0e39c2517e9da03cd2047bdab046a4fdb5b49548f36a160030953e97f20e94c
- SSDEEP
  
  3072:CXjrZwbg56Ks5RIZEyS5VDnrqKxyeqLzy5mi:C6yZHSDnuKcn
Score

10^/10

lumma smokeloader backdoor spyware stealer trojan
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummasmokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy