lumma | cc7d98da7930799936b4d026ea13e2d5023faa9b26f97b482662d5dab138cc4d | Triage

Submit
Reports

Overview

overview

Static

static

18dc8fac23...d3.exe

windows7-x64

18dc8fac23...d3.exe

windows10-2004-x64

Sharing

General

Target

18dc8fac237e8cb22397fe44f64c54863b4ed5f490042d759689d149856b8dd3
Size

133KB
Sample

230116-kcfj7aga7z
MD5

ba10897989cc6232f77991df150d458c
SHA1

b3429bbf69a1d51359866f580a4f1301d0542403
SHA256

cc7d98da7930799936b4d026ea13e2d5023faa9b26f97b482662d5dab138cc4d
SHA512

a40cc211422f599e1c2da5f94eb9085601e7c15df554f3eacc42beead42099ed211c3d8e6143a2c2c754a313bfae0f267fe717fbcb221b25b23c0e3495be7163
SSDEEP

3072:ZA/Ln4/q9SiZzDXueT1xjSM62CxYXSsYcDyGwZ/:ZA/s3iBeo62CxYXS2i9

Score

10^/10

lumma smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

18dc8fac237e8cb22397fe44f64c54863b4ed5f490042d759689d149856b8dd3.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

18dc8fac237e8cb22397fe44f64c54863b4ed5f490042d759689d149856b8dd3.exe

Resource

win10v2004-20220812-en

lumma smokeloader backdoor spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  18dc8fac237e8cb22397fe44f64c54863b4ed5f490042d759689d149856b8dd3
- Size
  
  210KB
- MD5
  
  ebd42ae578479719653b35c33554ccc5
- SHA1
  
  da79aceadb98f5198c218438e1ff13900b206ec9
- SHA256
  
  18dc8fac237e8cb22397fe44f64c54863b4ed5f490042d759689d149856b8dd3
- SHA512
  
  0eaf3f62705ddab16e14a077bc29c52b22a99dd9b2212dcd0aeec9d92843b79b65bdde3b14a9170fc424aace760a6c80970916547039fa697814e7be639c1f12
- SSDEEP
  
  1536:gMQuk7EPCnpn2XcxezpkQYCPt9ldnXEp6Zd5X581Z1EnVx7C0NDuYHCx3IkwLuTy:gMXWEo+/hd5p73762CxYXSNti
Score

10^/10

smokeloader backdoor trojan lumma spyware stealer
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

lummasmokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy