General
- Target: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089
- Size: 209KB
- Sample: 230115-z9npdscf34
- MD5: 7ed3fbe353dd839ffdec24d0b1abdcf4
- SHA1: 415e5a993e2b166ca21d93a00dfc6878fa003fc6
- SHA256: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089
- SHA512: 62b5db023f79cf284f15beddaad88923be5eae5502040c477e6fe6c4ad233b63459f977d77939f65da55c0b21b1946c44467191b3f2977fd34ae4fe4a20c95bb
- SSDEEP: 3072:a0CXmGkUsi+9Fd54S8W63HnJIMF3UuSdPgti:a0Cexi+LqHJPF3Uu+g
Static task: static1
Behavioral task: behavioral1
- Sample: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: lumma
- 77.73.134.68
Targets
- Target: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089 (same sample as under General: 209KB, identical MD5/SHA1/SHA256/SHA512/SSDEEP)
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext