lumma | fb1ffaae3a51951679c5b7734fd07895e2b29088a3d6437f7f3acd3fbf6386f4 | Triage

Submit
Reports

Overview

overview

Static

static

6ca5c9a22c...9e.exe

windows7-x64

6ca5c9a22c...9e.exe

windows10-2004-x64

Sharing

General

Target

6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
Size

133KB
Sample

230116-l33yvahc2s
MD5

a553660e5b394a22559411a0d6a28a4d
SHA1

aea7bdff430275fe4b383d79a63fe749b4386ba1
SHA256

fb1ffaae3a51951679c5b7734fd07895e2b29088a3d6437f7f3acd3fbf6386f4
SHA512

d5360a6181082c2dd55f560c045d3cbe041de4975fdaeb7b18831bd530ad1151ccf8d48f7024fd5bc118f71ca6205aa0cad831f2ec29fdc5015093aa4f78c2e4
SSDEEP

3072:3NJ+uwfiiAs/PnQssLG0PPCm8RylCnOjuzncezc/qS0CXd9gtO:3u9fRrQsa8QsnXzbzc/qS0CN9J

Score

10^/10

lumma smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e.exe

Resource

win7-20220901-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e.exe

Resource

win10v2004-20221111-en

lumma smokeloader backdoor spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
- Size
  
  210KB
- MD5
  
  6a0c02d75b060ef9fee6cb9c6d6d2a7d
- SHA1
  
  686f49a408d80ef700393a2ccf523c1a7223f1b4
- SHA256
  
  6ca5c9a22c5917d0a429c64601bdc9014425ec20463e2a90c1c1a7317e397c9e
- SHA512
  
  cc1513c8f17bfa152a036be33e1cfeca00dfc6af297c793463e8160af65e242f7b8998ea0ee1947cecf75f82b50930da02395ffa6a0cbdc61ff5c652c8ecdaca
- SSDEEP
  
  3072:PYXWECROUQJd5/oOe7Q3hC8CnOjuzncezcX69i:PstUQnekEnXzbzcq
Score

10^/10

smokeloader backdoor trojan lumma spyware stealer
- Detects Smokeloader packer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

lummasmokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy