General
-
Target
ba7571c10be3bf276f9ac556be34fb049b43f63d8558cb29bc9471e56319d7c1
-
Size
210KB
-
Sample
230116-ee7hssgg87
-
MD5
cf63f83bf1b8fb15c0bfc835b120b4e1
-
SHA1
31e0b9e7c195c51d6885d09e12e7305dc6c6bc95
-
SHA256
ba7571c10be3bf276f9ac556be34fb049b43f63d8558cb29bc9471e56319d7c1
-
SHA512
126434603f57e5f507a0b55076cba2927275739be717c18ed8bff37474c372819417f33bc253619216f5691cfa830879c60aafb5d8607332306a87540e6f6fda
-
SSDEEP
3072:RMXWoVyAIJd5pL+3S3FTL5n+2tSJlHHgGIxcei:RIEBryi3FP99QnMe
Static task
static1
Behavioral task
behavioral1
Sample
ba7571c10be3bf276f9ac556be34fb049b43f63d8558cb29bc9471e56319d7c1.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lumma
77.73.134.68
Targets
-
-
Target
ba7571c10be3bf276f9ac556be34fb049b43f63d8558cb29bc9471e56319d7c1
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
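The signature list above is a set of behaviours the sandbox observed, not detection logic you can run. As an added example that is not part of this report or of the sandbox's own tooling, the block below turns five of those findings (service ImagePath set, service DLL path set, Uninstall-key lookup, dropped EXE executed, and contact with the extracted Lumma C2 77.73.134.68) into rules and replays them over a constructed, ordered trace. The event schema (`op`, `key`, `path`, `image`, `dst_ip`) and the registry regexes are this example's own assumptions; the trace entries are constructed, with 192.0.2.10 used as a placeholder address.

```python
"""Behavioural IOC matcher for the sandbox findings on this page.

Added example, not part of the sandbox report. The event schema is an
assumption for illustration: each event is a dict with an "op" field and
op-specific keys. The only page-sourced indicator is LUMMA_C2."""
import re

# C2 address the sandbox extracted from the sample's Lumma configuration.
LUMMA_C2 = "77.73.134.68"

# Registry locations behind three of the report's signatures.
# Regexes are this example's own; matched case-insensitively on full key paths.
SERVICE_IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.I)
SERVICE_DLL_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+"
    r"\\Parameters\\ServiceDll$",
    re.I)
UNINSTALL_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.I)


def match_events(events):
    """Return [(rule_name, event_index), ...] for every event matching a rule.

    `events` must be in execution order: the dropped-EXE rule only fires for a
    process whose image path was written earlier in the same trace."""
    findings = []
    written_files = set()  # paths the traced processes have created so far
    for i, ev in enumerate(events):
        op = ev["op"]
        if op == "file_write":
            written_files.add(ev["path"].lower())
        elif op == "reg_set":
            if SERVICE_IMAGEPATH_RE.match(ev["key"]):
                findings.append(("sets service image path in registry", i))
            elif SERVICE_DLL_RE.match(ev["key"]):
                findings.append(("sets DLL path for service in the registry", i))
        elif op == "reg_open":
            if UNINSTALL_RE.match(ev["key"]):
                findings.append(("checks installed software (Uninstall key)", i))
        elif op == "net_connect":
            if ev["dst_ip"] == LUMMA_C2:
                findings.append(("contacts Lumma C2 from extracted config", i))
        elif op == "proc_create":
            if ev["image"].lower() in written_files:
                findings.append(("executes dropped EXE", i))
    return findings


# Constructed trace (not sandbox output). Paths, service name and the
# 192.0.2.10 address are placeholders invented for this example.
SAMPLE_TRACE = [
    {"op": "reg_open", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "reg_open", "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"},
    {"op": "net_connect", "dst_ip": LUMMA_C2, "dst_port": 80},
    {"op": "net_connect", "dst_ip": "192.0.2.10", "dst_port": 443},
    {"op": "file_write", "path": r"C:\ProgramData\svchelper.exe"},
    {"op": "proc_create", "image": r"C:\ProgramData\svchelper.exe"},
    {"op": "reg_set",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SvcHelper\ImagePath",
     "value": r"C:\ProgramData\svchelper.exe"},
    {"op": "reg_set",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SvcHelper\Parameters\ServiceDll",
     "value": r"C:\ProgramData\svchelper.dll"},
    {"op": "proc_create", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for rule, idx in match_events(SAMPLE_TRACE):
        print(f"event {idx}: {rule}")
```

The Outlook profile lookup at index 1 is deliberately left unmatched: the report lists it as a separate signature, and a rule for it would need the sandbox's own definition of which keys count, which this page does not give. The same applies to the other signatures omitted here.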