General
  Target: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089
  Size: 133KB
  Sample: 230116-nf8xpaeb73
  MD5: 97bde0d0ef2cb3ef6bead5c207259e93
  SHA1: 1582940762084a50cc012e3a8ef7e665c6492e25
  SHA256: 21f9dd30abf432f1b4f255159d5a1931041c932e6765ac3857c3a51ecad23804
  SHA512: c0fe7f0db6eef160f46cce123c0b61bc9f45ff3c7d5c340a63b445aeec40e409d8ef61c0aea4608fdee415f72b1399ffe110d885920eb22d0cd8d6336dd5844d
  SSDEEP: 3072:9GN2NlQ7+EMe6CkQu1wBKQWEnJIMF3UuOrTMYB1:F4SEr6CkKRWEJPF3UuWFn
Static task: static1

Behavioral task: behavioral1
  Sample: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089.exe
  Resource: win10v2004-20220812-en

Malware Config
  Extracted: lumma
    77.73.134.68
Targets
  Target: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089
  Size: 209KB
  MD5: 7ed3fbe353dd839ffdec24d0b1abdcf4
  SHA1: 415e5a993e2b166ca21d93a00dfc6878fa003fc6
  SHA256: 6d3075ce0ca67b14fe556455ccec4815eed14ede3e39bcba434f8c6b3a5b2089
  SHA512: 62b5db023f79cf284f15beddaad88923be5eae5502040c477e6fe6c4ad233b63459f977d77939f65da55c0b21b1946c44467191b3f2977fd34ae4fe4a20c95bb
  SSDEEP: 3072:a0CXmGkUsi+9Fd54S8W63HnJIMF3UuSdPgti:a0Cexi+LqHJPF3Uu+g
  Signatures:
  - Detects Smokeloader packer
  - Blocklisted process makes network request
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Sets DLL path for service in the registry
  - Sets service image path in registry
  - Loads dropped DLL
  - Accesses Microsoft Outlook accounts
  - Accesses Microsoft Outlook profiles
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext