General
- Target: d708c20c802eb0cd32e396585a88b761f76bb767a8bb5a2ce60d58499ad7aca1
- Size: 133KB
- Sample: 230116-lxpt2adc62
- MD5: 668b17e3ded4480956fda62bde0375c3
- SHA1: bbcb235700e3a22a687e456c346f3f2e8c907d07
- SHA256: b9d365f8e01cb3b33d49a739a5f53f956fb537a78026d800230d9cab76fad639
- SHA512: 304272652a6a31a610d9f513cccc889b006b628b669136c605826dca8c121f9c8e48d6b75598372ded355a03570d551500578915cdb9fd1073c8c00f087dcd9c
- SSDEEP: 3072:n1sfK2Kd5PDKpuGJv+AEMfxwwbk37noJgWWC9ETslsjcu1:1tPDpGoqfxwwbsgglC95lsgu1

Static task
- static1

Behavioral task
- behavioral1
  - Sample: d708c20c802eb0cd32e396585a88b761f76bb767a8bb5a2ce60d58499ad7aca1.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: d708c20c802eb0cd32e396585a88b761f76bb767a8bb5a2ce60d58499ad7aca1.exe
  - Resource: win10v2004-20220901-en

Malware Config
Extracted
- lumma
  - 77.73.134.68

Targets
- Target: d708c20c802eb0cd32e396585a88b761f76bb767a8bb5a2ce60d58499ad7aca1
- Size: 210KB
- MD5: f9d5547d2b90217299de74cdce89c333
- SHA1: 0877d2eff69060fcb0ec06b7111d98cb1061be3f
- SHA256: d708c20c802eb0cd32e396585a88b761f76bb767a8bb5a2ce60d58499ad7aca1
- SHA512: b65da968ba9ab32346fea2ec1f9e590611e49a8f357946fae3c2c997ce9b22b8e51bdd286c1fcfe489d7964dbefaaf70081bf5404d3339b9378d90efde0b7644
- SSDEEP: 1536:TYQukbw0XBPu2+fYkFprewBYwPRjlEf5Zd5Tx4t4qHcuTuoLlJAhCLYnoJbUuiyj:TYXWwY+R+d5Q7TLk7noJgWFCfsJ+ri

Signatures
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext