Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cdd8083cd19e16e2684188850142399fe9e0b546f986aa56a520a2d0a481446f

  • Size

    258KB

  • Sample

    230116-j4ypeaca79

  • MD5

    ce4d81b9eae32702f7d36fef3a11d4e4

  • SHA1

    e2b39a9b44b860b53b2843a2d7608365cfcf38fb

  • SHA256

    cdd8083cd19e16e2684188850142399fe9e0b546f986aa56a520a2d0a481446f

  • SHA512

    fbfded2ca180c42a282b747a24b0e323be83cbb790b740cf24b3801e1164056041f19c1363dba532c68030b428b15bdf8b05ce89ebba3d69c913b224bf982e18

  • SSDEEP

    6144:GCu1sFLzC0eQJwQABVSmONIk/qtCOWaGC/U4zqQna:GCu1qHC/Q9kSmxVbj/FP

Score
10/10
lummarhadamanthyssmokeloaderbackdoorspywarestealertrojan

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

    • Target

      cdd8083cd19e16e2684188850142399fe9e0b546f986aa56a520a2d0a481446f

    • Size

      258KB

    • MD5

      ce4d81b9eae32702f7d36fef3a11d4e4

    • SHA1

      e2b39a9b44b860b53b2843a2d7608365cfcf38fb

    • SHA256

      cdd8083cd19e16e2684188850142399fe9e0b546f986aa56a520a2d0a481446f

    • SHA512

      fbfded2ca180c42a282b747a24b0e323be83cbb790b740cf24b3801e1164056041f19c1363dba532c68030b428b15bdf8b05ce89ebba3d69c913b224bf982e18

    • SSDEEP

      6144:GCu1sFLzC0eQJwQABVSmONIk/qtCOWaGC/U4zqQna:GCu1qHC/Q9kSmxVbj/FP

    Score
    10/10
    lummarhadamanthyssmokeloaderbackdoorspywarestealertrojan

    • Detect rhadamanthys stealer shellcode

    • Detects Smokeloader packer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks