lumma | 03e90fb4cf597e899563b5b998fcb606d5630ecb7542dffe6771dcb1b88e5d51 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

03e90fb4cf597e899563b5b998fcb606d5630ecb7542dffe6771dcb1b88e5d51
Size

210KB
Sample

230115-w5s7jaac86
MD5

c1421d6a836ddbcd0560462a005a7018
SHA1

d97043fadec45054729cb723bbea2b00db911e15
SHA256

03e90fb4cf597e899563b5b998fcb606d5630ecb7542dffe6771dcb1b88e5d51
SHA512

03306e092695be2d28978b8c983b023c934687859590eba8bd7f8e9280a2f69bcd769da2be36d6dbb371e22b14bc49e81f875d4782a894dc87055d7dca558664
SSDEEP

3072:KXW3PspHHs53YoYlffh0arn+oDR0CfFvjKk19cupSr9/i:qxSYoYjF+wxKk19vYr

Score

10^/10

lumma smokeloader backdoor discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

03e90fb4cf597e899563b5b998fcb606d5630ecb7542dffe6771dcb1b88e5d51.exe

Resource

win10v2004-20220812-en

lumma smokeloader backdoor discovery persistence stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  03e90fb4cf597e899563b5b998fcb606d5630ecb7542dffe6771dcb1b88e5d51
- Size
  
  210KB
- MD5
  
  c1421d6a836ddbcd0560462a005a7018
- SHA1
  
  d97043fadec45054729cb723bbea2b00db911e15
- SHA256
  
  03e90fb4cf597e899563b5b998fcb606d5630ecb7542dffe6771dcb1b88e5d51
- SHA512
  
  03306e092695be2d28978b8c983b023c934687859590eba8bd7f8e9280a2f69bcd769da2be36d6dbb371e22b14bc49e81f875d4782a894dc87055d7dca558664
- SSDEEP
  
  3072:KXW3PspHHs53YoYlffh0arn+oDR0CfFvjKk19cupSr9/i:qxSYoYjF+wxKk19vYr
Score

10^/10

lumma smokeloader backdoor discovery persistence stealer trojan
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummasmokeloaderbackdoordiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy