lumma | a9b403f76dce061708266011f3f159152a7f88ad934ec8326f9ec2f4caf7f4f2 | Triage

Submit
Reports

Overview

overview

Static

static

f43afb9e32...98.exe

windows7-x64

f43afb9e32...98.exe

windows10-2004-x64

Sharing

General

Target

f43afb9e320b51fe3b43c2b35317b9ecb20b43b2786f39312a972d2452d20f98
Size

181KB
Sample

230116-h2c49abb79
MD5

481f906464b3c285b9d2a3b06b5c9326
SHA1

b35a2ba32ce5abf58aaf660bae04a08206911dca
SHA256

a9b403f76dce061708266011f3f159152a7f88ad934ec8326f9ec2f4caf7f4f2
SHA512

e38a432973c69aacef6909e7b1a845ac465985fb1bccd3b13f7ca427a5d76e2fb6f5f59db0c7ead97e3dccd50cb83ce21b80142484c168ed7e46bf4b005bf24d
SSDEEP

3072:4kR/DPFycwU5g1527YFTJdbLnF+r8Ij5/GBAffydfPEz79XB9Hel68IU8jVzUAu1:40zFTwsgVJdbza7RXSKzd+l0mz3qNbc/

Score

10^/10

lumma smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f43afb9e320b51fe3b43c2b35317b9ecb20b43b2786f39312a972d2452d20f98.exe

Resource

win7-20220901-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f43afb9e320b51fe3b43c2b35317b9ecb20b43b2786f39312a972d2452d20f98.exe

Resource

win10v2004-20220812-en

lumma smokeloader backdoor spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  f43afb9e320b51fe3b43c2b35317b9ecb20b43b2786f39312a972d2452d20f98
- Size
  
  258KB
- MD5
  
  a8ce4ce944ac6514356635fe946d8ff4
- SHA1
  
  10557d7c007468792264f89563b607c6afb125fb
- SHA256
  
  f43afb9e320b51fe3b43c2b35317b9ecb20b43b2786f39312a972d2452d20f98
- SHA512
  
  d04bc629b56a55ed427bef4d4e71a27ec3dbc94b6822ffe0d03cf1d43c4aa0b843c43a68a5d3fc36bbbf570f72eb9b8204b1d2a3ee1568e6a41eb2827784839c
- SSDEEP
  
  3072:qtz5NzRbLdEgdwiYvODvcEtlMQYolj5/GBAffydfPEz9rsu0jaUAZf7q/1iEcaVu:az7zRLdtVYvWzTXSKz9n0+U4zqQna
Score

10^/10

smokeloader backdoor trojan lumma spyware stealer
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

lummasmokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy