General

  • Target

    fd0c6b0d9618c804aaec4f9ba1ac221ce54a43ddca16444824245bd684471825

  • Size

    210KB

  • Sample

    230115-zjswesga4w

  • MD5

    7035b2eefc6413e4c791147727e42a2f

  • SHA1

    cef5f176237f8bc633ebb82791fa492108835d7c

  • SHA256

    fd0c6b0d9618c804aaec4f9ba1ac221ce54a43ddca16444824245bd684471825

  • SHA512

    5eb8a11de7b72d3546b4562891c040f028a8c4d9e436dd5b46f2e9122441c6cda8fe4fc0f229080000d7c17062ff4cf66b4f3d271865b6fe245df38f98611bf8

  • SSDEEP

    3072:qXGCbQqP+Uls5cfB1Q3HyG+eP9ehkCHo2g9pND3YGMtT51i:K+aZ1QiePohloV90Gg5

Malware Config

Extracted

  • Family

    lumma

  • C2

    77.73.134.68

Targets

    • Detects Smokeloader packer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2 signatures

  • Discovery

    Query Registry (T1012): 1 signature

    Peripheral Device Discovery (T1120): 1 signature

    System Information Discovery (T1082): 1 signature

  • Collection

    Data from Local System (T1005): 2 signatures

Tasks