General

  • Target

    file.exe

  • Size

    210KB

  • Sample

    230116-es3rrsha76

  • MD5

    cf63f83bf1b8fb15c0bfc835b120b4e1

  • SHA1

    31e0b9e7c195c51d6885d09e12e7305dc6c6bc95

  • SHA256

    ba7571c10be3bf276f9ac556be34fb049b43f63d8558cb29bc9471e56319d7c1

  • SHA512

    126434603f57e5f507a0b55076cba2927275739be717c18ed8bff37474c372819417f33bc253619216f5691cfa830879c60aafb5d8607332306a87540e6f6fda

  • SSDEEP

    3072:RMXWoVyAIJd5pL+3S3FTL5n+2tSJlHHgGIxcei:RIEBryi3FP99QnMe

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

    • Target

      file.exe

    • Detects SmokeLoader packer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read the browser's profile directory for stored data such as saved credentials, session cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
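
The indicators this report publishes (the sample's hashes, the extracted Lumma C2 address, and the "downloads MZ/PE file" behaviour) can be turned directly into a hunting check. The script below is an added example and is not part of the sandbox report or of any tool it uses: the hash values and C2 address are copied from the sections above, while the log lines, the minimal MZ/PE header bytes and all function names are constructed for the demonstration.

```python
"""Hunt for the indicators published in the report above.

Added example, not part of the sandbox report. The log lines and the
MZ/PE header bytes below are constructed for the demo; only the hash
values and the C2 address are taken from the report.
"""
import hashlib
import re

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "cf63f83bf1b8fb15c0bfc835b120b4e1",
    "sha1": "31e0b9e7c195c51d6885d09e12e7305dc6c6bc95",
    "sha256": "ba7571c10be3bf276f9ac556be34fb049b43f63d8558cb29bc9471e56319d7c1",
}
LUMMA_C2 = "77.73.134.68"


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same digest set the report lists, over raw file bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True when data is byte-identical to the reported sample.

    SHA-256 alone decides; MD5/SHA-1 are kept only for cross-referencing
    older feeds, since both are collision-prone.
    """
    return hash_file_bytes(data)["sha256"] == SAMPLE_HASHES["sha256"]


def is_pe(data: bytes) -> bool:
    """'Downloads MZ/PE file' check: DOS 'MZ' stub plus a 'PE\\0\\0' signature
    at the offset stored in e_lfanew (DOS header offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    # A bogus e_lfanew past the end yields an empty slice, so this is safe.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# Anchor the address to non-digit/non-dot neighbours so that 77.73.134.68
# does not match inside 177.73.134.68 or 77.73.134.681.
C2_RE = re.compile(r"(?<![\d.])" + re.escape(LUMMA_C2) + r"(?![\d.])")


def find_c2_hits(log_lines):
    """Return (line_number, line) for every log line that references the C2."""
    return [(n, line) for n, line in enumerate(log_lines, 1) if C2_RE.search(line)]


def fake_pe() -> bytes:
    """Constructed minimal MZ/PE header (not a real binary) for testing is_pe."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed proxy/DNS log lines; line 3 is a deliberate near-miss.
CONSTRUCTED_LOGS = [
    "2023-01-16T10:01:02 proxy src=10.0.0.5 dst=77.73.134.68 dport=80 method=POST uri=/",
    "2023-01-16T10:01:03 proxy src=10.0.0.5 dst=142.250.74.78 dport=443 method=GET uri=/",
    "2023-01-16T10:01:04 dns query=example.com answer=177.73.134.68",
]


if __name__ == "__main__":
    dropped = fake_pe()
    print("dropped file is PE:", is_pe(dropped))
    print("dropped file is the reported sample:", matches_sample(dropped))
    for n, line in find_c2_hits(CONSTRUCTED_LOGS):
        print(f"C2 hit on line {n}: {line}")
```

Run it against real artefacts by feeding file contents to `matches_sample` / `is_pe` and proxy or firewall exports to `find_c2_hits`; a hash match confirms this exact sample, while a C2 hit or a newly written PE from an unexpected parent process is the broader signal, since repacked Lumma builds will not share these hashes.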

MITRE ATT&CK Enterprise v6

Tasks