General
- Target: 37c3ae28ca121fcfab6d67fbaded71bd.bin
- Size: 139KB
- Sample: 230116-jhjy5afe3y
- MD5: b913746d0ad3e1ffa20e8b9005b70036
- SHA1: ec84a08a22b141b9a1b079ba4dc560667217062d
- SHA256: 3cf53784f9b2e28697c85914904080fb6f815bd1e45e62c164878777cd0494ba
- SHA512: 6ee49a9c1d32566dc4ac402b4372ee593f030d082a721a09d37118cadfbbad26f0e4667f37ac021511dff7ed36fb2a00590798bb3770575f3b06aa26607640bf
- SSDEEP: 3072:kBYlOZW2UJYp2UD1bhfNUlNKHWxC2RpBX4naa6r8G2Lj:CkYpPHfNUljxC2boDLj
Static task: static1
Behavioral task: behavioral1
- Sample: db53d1d27093b52d6771611aad71594c6dae516160f5e559f6972e9b438203dd.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: db53d1d27093b52d6771611aad71594c6dae516160f5e559f6972e9b438203dd.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted
lumma
77.73.134.68
Targets
- Target: db53d1d27093b52d6771611aad71594c6dae516160f5e559f6972e9b438203dd.exe
- Size: 225KB
- MD5: 37c3ae28ca121fcfab6d67fbaded71bd
- SHA1: cf239854e511823772c378f53ba5b0aeec8f55b8
- SHA256: db53d1d27093b52d6771611aad71594c6dae516160f5e559f6972e9b438203dd
- SHA512: 7ff4c72d865ba0220d4788d59e33c8bc977bdc1f714e7ae81bfdd648a4bf8d4043a217ca7efd8aaf14a3343151a638c11561cfc66d261cf6c66e33bfa4a7b06d
- SSDEEP: 3072:D58L2AmKZNw1YF4qU67HPB/tHGWzlXPH8oSuBy79Y3Ox6qQo3:d8L201F4169/tHFN8o7BW9Hk5o
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext