General
-
Target
19533506a74a8fd80ba932ca930c0805d0f69095d5820683ff757785dbb4359e
-
Size
210KB
-
Sample
230116-btzvqafc75
-
MD5
0d0655ac3327465e342c8643e0aec261
-
SHA1
3b60b63f926a4ef0821bc359858fec339327517f
-
SHA256
19533506a74a8fd80ba932ca930c0805d0f69095d5820683ff757785dbb4359e
-
SHA512
1b00d21f5de948ef4d5be4a5593eb9a83dcccb84d1bd5ded3c2846a606e731f8d14074cfaaa5511c0a57651239de1870bab314ff5f8fea56022c2b3bc878f970
-
SSDEEP
3072:rMX15/9Gxad5gWGzaBUOxqNk7EWVRS8Nw4i:rIdGxbaBNx5EsSL
Malware Config
Extracted
lumma
77.73.134.68
Targets
-
-
Target
19533506a74a8fd80ba932ca930c0805d0f69095d5820683ff757785dbb4359e
-
Size
210KB
-
MD5
0d0655ac3327465e342c8643e0aec261
-
SHA1
3b60b63f926a4ef0821bc359858fec339327517f
-
SHA256
19533506a74a8fd80ba932ca930c0805d0f69095d5820683ff757785dbb4359e
-
SHA512
1b00d21f5de948ef4d5be4a5593eb9a83dcccb84d1bd5ded3c2846a606e731f8d14074cfaaa5511c0a57651239de1870bab314ff5f8fea56022c2b3bc878f970
-
SSDEEP
3072:rMX15/9Gxad5gWGzaBUOxqNk7EWVRS8Nw4i:rIdGxbaBNx5EsSL
Score10/10-
Detects Smokeloader packer
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-