General
Target: 318e83a344502bdb019a63e8149254b4.bin
Size: 140KB
Sample: 230116-jg7c2afe3v
MD5: 515d225160adac1cdec5a5d7eea232b3
SHA1: 7d140e82ade11cbd731e65b895ad03c611825160
SHA256: 3a56cede5489c50f0374966a97ec9d34e6c73ddd474cf60e27420f2c8518d0b4
SHA512: 1ce671e9e19cffff4a902fe0a8601071fe989ec254297b52d106a036ca61316d4b555a6167209f5b4b25b3715c9175316a2002bd633e3f65b6e2bf7941781855
SSDEEP: 3072:1zgKS621avNa6ebSgfUEqHrs+tSpaVtLCNnwAMahAGFSf:1bS621R64SgfUEqHNvVwNnwAhjU
Static task: static1
Behavioral task: behavioral1 (sample 318e83a344502bdb019a63e8149254b4.zip, resource win7-20220901-en)
Behavioral task: behavioral2 (sample 318e83a344502bdb019a63e8149254b4.zip, resource win10v2004-20220812-en)
Behavioral task: behavioral3 (sample 284de6003fe33af457cd3e4546eaabc3597569a02acc73eac0586c176970b76f.exe, resource win7-20220901-en)
Behavioral task: behavioral4 (sample 284de6003fe33af457cd3e4546eaabc3597569a02acc73eac0586c176970b76f.exe, resource win10v2004-20220901-en)
Malware Config
Extracted: lumma
77.73.134.68
Targets
Target: 318e83a344502bdb019a63e8149254b4.bin
Size: 140KB
MD5: 515d225160adac1cdec5a5d7eea232b3
SHA1: 7d140e82ade11cbd731e65b895ad03c611825160
SHA256: 3a56cede5489c50f0374966a97ec9d34e6c73ddd474cf60e27420f2c8518d0b4
SHA512: 1ce671e9e19cffff4a902fe0a8601071fe989ec254297b52d106a036ca61316d4b555a6167209f5b4b25b3715c9175316a2002bd633e3f65b6e2bf7941781855
SSDEEP: 3072:1zgKS621avNa6ebSgfUEqHrs+tSpaVtLCNnwAMahAGFSf:1bS621R64SgfUEqHNvVwNnwAhjU
Score: 1/10
Target: 284de6003fe33af457cd3e4546eaabc3597569a02acc73eac0586c176970b76f.exe
Size: 225KB
MD5: 318e83a344502bdb019a63e8149254b4
SHA1: 5a60aff0f117da4e08f82abdf633b4e1f7bc0469
SHA256: 284de6003fe33af457cd3e4546eaabc3597569a02acc73eac0586c176970b76f
SHA512: c52b8ff932bc57fd8a92855622c1563c4a36be31a9b3939c310d5fc40e10dd51a2d9a3aab201a33df062fa3886016b0729ba33e05333825f5c6985de88747074
SSDEEP: 3072:3fwp6ntLCMAzGtfFzOAq2b24E7mbUUYtp9ZmXPH8oShwNvuETY3Ox6qQo3:A6tLCfMFzOHg24EqBYn9G8ozxTHk5o
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Suspicious use of SetThreadContext