Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    210KB

  • Sample

    230116-e5dcmsdb8w

  • MD5

    92bb8675d4eedd4d50603597ce85dbbf

  • SHA1

    618f820d738a192c3e70875b01a612df48c03698

  • SHA256

    8df105affac7a3c0348efdb7c5f1f159acceda0c13d5f318e611e5528e82d874

  • SHA512

    22ef20a9f4110f5718dacbc81f75dd94c96756b60b34c9d4058d78e68b58d0e4ce7bfb717b996ff26eb1c8dcabd30dbe3a641491a4c57f74a1ce89a9a2e4c564

  • SSDEEP

    3072:1MXWFheF3d56wEZf+iV9uAw7Xw3c249xSqQNqi:1InFapZfMAb3Fh

Score
10/10
lummasmokeloaderbackdoorspywarestealertrojan

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

    • Target

      file.exe

    • Size

      210KB

    • MD5

      92bb8675d4eedd4d50603597ce85dbbf

    • SHA1

      618f820d738a192c3e70875b01a612df48c03698

    • SHA256

      8df105affac7a3c0348efdb7c5f1f159acceda0c13d5f318e611e5528e82d874

    • SHA512

      22ef20a9f4110f5718dacbc81f75dd94c96756b60b34c9d4058d78e68b58d0e4ce7bfb717b996ff26eb1c8dcabd30dbe3a641491a4c57f74a1ce89a9a2e4c564

    • SSDEEP

      3072:1MXWFheF3d56wEZf+iV9uAw7Xw3c249xSqQNqi:1InFapZfMAb3Fh

    Score
    10/10
    smokeloaderbackdoortrojanlummaspywarestealer

    • Detects Smokeloader packer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks