lumma | 94df69dfe27e1b3da2ecee9169c4e075c213d1e94cebb534ac65ea5093e3d513 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

94df69dfe27e1b3da2ecee9169c4e075c213d1e94cebb534ac65ea5093e3d513
Size

210KB
Sample

230115-vsyqtahe74
MD5

e4579885cf59fe9bc9a42f26a54b6e83
SHA1

f4365fae65d6c29079eae9cc03e1a3f5b4559fba
SHA256

94df69dfe27e1b3da2ecee9169c4e075c213d1e94cebb534ac65ea5093e3d513
SHA512

b85c099e04d5fe018d0e9c8623994a8929cca61ce1aca412f09f1dc4faf24d54d3db5b9bf3404721fbdab7ba2b3cefaeb3fb388a9623fce7655192cd89e43e71
SSDEEP

3072:TXWhFVbRR3ns515T9Z08rSZ8WtYtS5i2gyGaDH9Zk/0DTEi:L+Ea8m+WWtAiMJDH3

Score

10^/10

lumma smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

94df69dfe27e1b3da2ecee9169c4e075c213d1e94cebb534ac65ea5093e3d513.exe

Resource

win10v2004-20220812-en

lumma smokeloader backdoor spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  94df69dfe27e1b3da2ecee9169c4e075c213d1e94cebb534ac65ea5093e3d513
- Size
  
  210KB
- MD5
  
  e4579885cf59fe9bc9a42f26a54b6e83
- SHA1
  
  f4365fae65d6c29079eae9cc03e1a3f5b4559fba
- SHA256
  
  94df69dfe27e1b3da2ecee9169c4e075c213d1e94cebb534ac65ea5093e3d513
- SHA512
  
  b85c099e04d5fe018d0e9c8623994a8929cca61ce1aca412f09f1dc4faf24d54d3db5b9bf3404721fbdab7ba2b3cefaeb3fb388a9623fce7655192cd89e43e71
- SSDEEP
  
  3072:TXWhFVbRR3ns515T9Z08rSZ8WtYtS5i2gyGaDH9Zk/0DTEi:L+Ea8m+WWtAiMJDH3
Score

10^/10

lumma smokeloader backdoor spyware stealer trojan
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummasmokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy