General
- Target: 8df105affac7a3c0348efdb7c5f1f159acceda0c13d5f318e611e5528e82d874
- Size: 210KB
- Sample: 230116-e7874ahc79
- MD5: 92bb8675d4eedd4d50603597ce85dbbf
- SHA1: 618f820d738a192c3e70875b01a612df48c03698
- SHA256: 8df105affac7a3c0348efdb7c5f1f159acceda0c13d5f318e611e5528e82d874
- SHA512: 22ef20a9f4110f5718dacbc81f75dd94c96756b60b34c9d4058d78e68b58d0e4ce7bfb717b996ff26eb1c8dcabd30dbe3a641491a4c57f74a1ce89a9a2e4c564
- SSDEEP: 3072:1MXWFheF3d56wEZf+iV9uAw7Xw3c249xSqQNqi:1InFapZfMAb3Fh
Static task: static1
Behavioral task: behavioral1
Sample: 8df105affac7a3c0348efdb7c5f1f159acceda0c13d5f318e611e5528e82d874.exe
Resource: win10-20220812-en
Malware Config
Extracted: lumma, 77.73.134.68
Targets
- Target: 8df105affac7a3c0348efdb7c5f1f159acceda0c13d5f318e611e5528e82d874
- Size: 210KB
- MD5: 92bb8675d4eedd4d50603597ce85dbbf
- SHA1: 618f820d738a192c3e70875b01a612df48c03698
- SHA256: 8df105affac7a3c0348efdb7c5f1f159acceda0c13d5f318e611e5528e82d874
- SHA512: 22ef20a9f4110f5718dacbc81f75dd94c96756b60b34c9d4058d78e68b58d0e4ce7bfb717b996ff26eb1c8dcabd30dbe3a641491a4c57f74a1ce89a9a2e4c564
- SSDEEP: 3072:1MXWFheF3d56wEZf+iV9uAw7Xw3c249xSqQNqi:1InFapZfMAb3Fh
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext