General

  • Target

    file.exe

  • Size

    210KB

  • Sample

    230116-bnyqgaba9w

  • MD5

    3b7c645533cf37c6e244f6801fc8f02f

  • SHA1

    24adf6aee1ffbb1c362089e25e5004af6ea77c3e

  • SHA256

    32d46c1643f10e95dee4f75367202f0f001f3e846568861b2636278465c70200

  • SHA512

    5605524bc4756311e0a710223cb58276d9c896be3894d428a0331090a4665471f7f9d07da6c5749803f8304c88b35732e2f53f566e98bae15baf2b2c9faf0578

  • SSDEEP

    3072:nYXDc4kmiud5hnZBrahDx/jNogPYRXMJJGEi:nsNiwaRtJFgr

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

    • Target

      file.exe

    • Size

      210KB

    • MD5

      3b7c645533cf37c6e244f6801fc8f02f

    • SHA1

      24adf6aee1ffbb1c362089e25e5004af6ea77c3e

    • SHA256

      32d46c1643f10e95dee4f75367202f0f001f3e846568861b2636278465c70200

    • SHA512

      5605524bc4756311e0a710223cb58276d9c896be3894d428a0331090a4665471f7f9d07da6c5749803f8304c88b35732e2f53f566e98bae15baf2b2c9faf0578

    • SSDEEP

      3072:nYXDc4kmiud5hnZBrahDx/jNogPYRXMJJGEi:nsNiwaRtJFgr

    • Detects Smokeloader packer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks