General
Target: 308f667ab1a53edbd74dcdef98fdb8c69d3c2d0a3ce8d55c9f18f5e928674abb
Size: 133KB
Sample: 230116-mbhz2ahd4s
MD5: a8919bb8707e1bd3151091d4054792f8
SHA1: 0d2fc5fb1704cbe9b0a1e356db39253e239675c4
SHA256: bd4a95599739c3ec1816aeb7ccd54e17a3516587af80884d9798a8efb20a46d6
SHA512: d8c14cb0332a9689acdc6eff776a7b1d818750e2c415230d6fdad5ad059e7fde54c7fff94b2b2ca7713f6fdf7581981f4330c23c27c95922c6b7a0e539ae67f2
SSDEEP: 3072:eDBW+Etp01ZsFaeo/Gjjop6WUOjsw9YptAf6lA88w3ZQiE+5Nr:eDBCtuZWaeo+jjvWUKYptccAhw3ZQ341
Static task: static1
Behavioral task: behavioral1
  Sample: 308f667ab1a53edbd74dcdef98fdb8c69d3c2d0a3ce8d55c9f18f5e928674abb.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 308f667ab1a53edbd74dcdef98fdb8c69d3c2d0a3ce8d55c9f18f5e928674abb.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
lumma
77.73.134.68
Targets
Target: 308f667ab1a53edbd74dcdef98fdb8c69d3c2d0a3ce8d55c9f18f5e928674abb
Size: 210KB
MD5: e9090853ebfa9e70a1e0fab65e348bd5
SHA1: eba6b6894ec013d8cc4ce791150de1be61ec9fe0
SHA256: 308f667ab1a53edbd74dcdef98fdb8c69d3c2d0a3ce8d55c9f18f5e928674abb
SHA512: 5afd7ca05af9c92c699b33bc4c7e5530cd8b44b5fdaf35b442981ae716b77c74ec0346a0ca452e796a2f2a73227ed6d60827f85368632b36a898b95c7c2a3f3c
SSDEEP: 3072:CYXDd+LSr8Gyd5BsGBbzSUOjsw9YptAf6loqZuT8ti:CsWSRPcSUKYptccodT8
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext