General

  • Target

    e23f4ad89ec5f09cfc475f14349bcc6aeaa73f3aaa231db43d4cb6650fb2462d

  • Size

    180KB

  • Sample

    230116-h4hgrabc43

  • MD5

    6aa8662213d40177d8d2900061f69cee

  • SHA1

    14ada42f9c6255d6b0349ff539f7c46c93eb3d20

  • SHA256

    49ac8e4a898376ce13712dcad6434497543edf035e8e371424b1d0a009a9a3f7

  • SHA512

    be3d2f0fad922131e65d74c1a499c29e8b3739614fb7369e5e58ec915a5f05d8c34d716e573ddf293ac132d70fdcd3be3c73e22752904729887ccd257b97845a

  • SSDEEP

    3072:mQ9bFojMumQ3UotRzAO1MtdJarkmHQycQy7ha6kisV89/7bTKS4O8tGpJtiHzfan:m02iQ3UobCtdJahHQ2sY6ku/GS3rpSzi

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

    • Target

      e23f4ad89ec5f09cfc475f14349bcc6aeaa73f3aaa231db43d4cb6650fb2462d

    • Size

      257KB

    • MD5

      6d39a370d5b7ed1cd987b61adc89f25d

    • SHA1

      0484fb54f0eb45a4c2fc4e3fa9e647353024f482

    • SHA256

      e23f4ad89ec5f09cfc475f14349bcc6aeaa73f3aaa231db43d4cb6650fb2462d

    • SHA512

      f6fc10e8b6c848afb2bf5ac38ebfb95416f75316ce12a12977aca108cb8101c3f6bfaa5f3ff90a86e9fa62c84c3d3ee729aeff66a4847863e05b55fb4b92c788

    • SSDEEP

      6144:ILfHALaKffiAxSYBuAwoQ2sY6nlc/SU4zqQna:ILfgWKf6A4YBftQtY6lGSFP

    • Detects Smokeloader packer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies, autofill entries and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
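The two signatures above (browser profile reads and cryptocurrency wallet access) are the kind of behaviour a sandbox derives from a file-activity trace. The following is an added example, not code from the sandbox that produced this report: it runs simple path-pattern rules over a constructed file-access trace and aggregates hits per signature and per ATT&CK v6 technique ID, using the IDs listed in this report (T1081 Credentials in Files, T1005 Data from Local System). The tab-separated trace format, the well-known browser and wallet store paths and the PID values are assumptions made for the example.

```python
"""Flag browser-profile and cryptocurrency-wallet file access in a sandbox
file-activity trace and map the hits to ATT&CK v6 technique IDs.

Added example. The trace format, the path patterns and the sample events
are assumptions; none of it is output from the sandbox behind the report.
"""
import re

# Constructed sample trace, format "<pid>\t<operation>\t<path>" per line:
# one process (4120) touching browser credential stores and wallet files,
# plus benign activity that must not be flagged.
TRACE = """\
4120\tNtCreateFile\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
4120\tNtCreateFile\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Local State
4120\tNtReadFile\tC:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json
4120\tNtReadFile\tC:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\key4.db
4120\tNtCreateFile\tC:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
4120\tNtCreateFile\tC:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
4120\tNtReadFile\tC:\\Windows\\System32\\kernel32.dll
7788\tNtReadFile\tC:\\Users\\victim\\Documents\\notes.txt
"""

# Each rule: (signature name as in the report, ATT&CK v6 technique ID, path regex).
# The store locations are assumed, commonly targeted paths, not taken from the sample.
RULES = [
    (
        "Reads user/profile data of web browsers",
        "T1081",  # Credentials in Files
        re.compile(
            r"\\(Login Data|Web Data|Cookies|Local State|logins\.json|key4\.db|cookies\.sqlite)$",
            re.IGNORECASE,
        ),
    ),
    (
        "Accesses cryptocurrency files/wallets",
        "T1005",  # Data from Local System
        re.compile(
            r"\\(Exodus|Electrum|Ethereum\\keystore|atomic)\\|\\wallet\.dat$",
            re.IGNORECASE,
        ),
    ),
]

# Only file open/read operations count; writes and deletes are out of scope here.
FILE_OPS = {"NtCreateFile", "NtOpenFile", "NtReadFile"}


def parse_trace(text):
    """Parse the assumed tab-separated trace into (pid, op, path) tuples.

    Blank or malformed lines are skipped instead of aborting the whole run.
    """
    events = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        pid, op, path = parts
        events.append((pid, op, path))
    return events


def match_rules(path):
    """Return (signature, technique) for every rule whose regex matches the path."""
    return [(name, tid) for name, tid, rx in RULES if rx.search(path)]


def evaluate(text):
    """Aggregate hits per signature: which PIDs triggered it and which paths.

    Returns {signature: {"technique": id, "pids": set, "paths": sorted list}}.
    """
    hits = {}
    for pid, op, path in parse_trace(text):
        if op not in FILE_OPS:
            continue
        for name, tid in match_rules(path):
            entry = hits.setdefault(name, {"technique": tid, "pids": set(), "paths": set()})
            entry["pids"].add(pid)
            entry["paths"].add(path)
    for entry in hits.values():
        entry["paths"] = sorted(entry["paths"])
    return hits


def attack_counts(hits):
    """Tally in the shape of the report's matrix: {technique ID: number of signatures}."""
    counts = {}
    for entry in hits.values():
        counts[entry["technique"]] = counts.get(entry["technique"], 0) + 1
    return counts


if __name__ == "__main__":
    result = evaluate(TRACE)
    for name, entry in result.items():
        print(f"[{entry['technique']}] {name} (pid {', '.join(sorted(entry['pids']))})")
        for p in entry["paths"]:
            print("    " + p)
    print(attack_counts(result))
```

On the constructed trace only PID 4120 is flagged: four browser store paths under the T1081 signature and two wallet paths under T1005, while the DLL load and the document read produce nothing. The rules anchor on full path components (a trailing `\Login Data`, a `\Exodus\` directory) so a file merely named `cookies.txt` in an unrelated location does not trigger; tune the pattern list for the browsers and wallets that matter in your environment.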

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                     Count  ID
  Credential Access  Credentials in Files          2      T1081
  Discovery          Query Registry                1      T1012
  Discovery          Peripheral Device Discovery   1      T1120
  Discovery          System Information Discovery  1      T1082
  Collection         Data from Local System        2      T1005

Tasks