lumma | 3a56cede5489c50f0374966a97ec9d34e6c73ddd474cf60e27420f2c8518d0b4

General

Target

318e83a344502bdb019a63e8149254b4.bin
Size

140KB
Sample

230116-jg7c2afe3v
MD5

515d225160adac1cdec5a5d7eea232b3
SHA1

7d140e82ade11cbd731e65b895ad03c611825160
SHA256

3a56cede5489c50f0374966a97ec9d34e6c73ddd474cf60e27420f2c8518d0b4
SHA512

1ce671e9e19cffff4a902fe0a8601071fe989ec254297b52d106a036ca61316d4b555a6167209f5b4b25b3715c9175316a2002bd633e3f65b6e2bf7941781855
SSDEEP

3072:1zgKS621avNa6ebSgfUEqHrs+tSpaVtLCNnwAMahAGFSf:1bS621R64SgfUEqHNvVwNnwAhjU

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  318e83a344502bdb019a63e8149254b4.bin
- Size
  
  140KB
- MD5
  
  515d225160adac1cdec5a5d7eea232b3
- SHA1
  
  7d140e82ade11cbd731e65b895ad03c611825160
- SHA256
  
  3a56cede5489c50f0374966a97ec9d34e6c73ddd474cf60e27420f2c8518d0b4
- SHA512
  
  1ce671e9e19cffff4a902fe0a8601071fe989ec254297b52d106a036ca61316d4b555a6167209f5b4b25b3715c9175316a2002bd633e3f65b6e2bf7941781855
- SSDEEP
  
  3072:1zgKS621avNa6ebSgfUEqHrs+tSpaVtLCNnwAMahAGFSf:1bS621R64SgfUEqHNvVwNnwAhjU
Score

1^/10
behavioral1 behavioral2
- Target
  
  284de6003fe33af457cd3e4546eaabc3597569a02acc73eac0586c176970b76f.exe
- Size
  
  225KB
- MD5
  
  318e83a344502bdb019a63e8149254b4
- SHA1
  
  5a60aff0f117da4e08f82abdf633b4e1f7bc0469
- SHA256
  
  284de6003fe33af457cd3e4546eaabc3597569a02acc73eac0586c176970b76f
- SHA512
  
  c52b8ff932bc57fd8a92855622c1563c4a36be31a9b3939c310d5fc40e10dd51a2d9a3aab201a33df062fa3886016b0729ba33e05333825f5c6985de88747074
- SSDEEP
  
  3072:3fwp6ntLCMAzGtfFzOAq2b24E7mbUUYtp9ZmXPH8oShwNvuETY3Ox6qQo3:A6tLCfMFzOHg24EqBYn9G8ozxTHk5o
Score

10^/10

smokeloader backdoor trojan lumma collection discovery persistence spyware stealer
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral3 behavioral4