lumma | ff616573fb637b94423e48fd46d1c38c4f42f001d10249f6a9544877a99b2296 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

ff616573fb637b94423e48fd46d1c38c4f42f001d10249f6a9544877a99b2296
Size

251KB
Sample

230323-j2xz4aed67
MD5

4b69759e59cb6f6d1994bcbe499b9c72
SHA1

3f51d8a510953a1fe183c8cd88274d3d71423a28
SHA256

ff616573fb637b94423e48fd46d1c38c4f42f001d10249f6a9544877a99b2296
SHA512

6265ebac2f6d772ad6263eebd15674a07a57d182081be20b5b49faeb3d08b0c4a8540f1615f6bdb0a587c7f7edb6c1e4ff32d33d8d191e21e03b738722d8aebc
SSDEEP

3072:W4GXazg/9iZLcYbLlrKcPWTE6+7F8y2XuskNinCar5hX2sTUOt1:EM8YbLlmyrJfDLinCOX2s

Score

10^/10

lumma smokeloader sprg backdoor discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ff616573fb637b94423e48fd46d1c38c4f42f001d10249f6a9544877a99b2296.exe

Resource

win10-20230220-en

lumma smokeloader sprg backdoor discovery spyware stealer trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ff616573fb637b94423e48fd46d1c38c4f42f001d10249f6a9544877a99b2296
- Size
  
  251KB
- MD5
  
  4b69759e59cb6f6d1994bcbe499b9c72
- SHA1
  
  3f51d8a510953a1fe183c8cd88274d3d71423a28
- SHA256
  
  ff616573fb637b94423e48fd46d1c38c4f42f001d10249f6a9544877a99b2296
- SHA512
  
  6265ebac2f6d772ad6263eebd15674a07a57d182081be20b5b49faeb3d08b0c4a8540f1615f6bdb0a587c7f7edb6c1e4ff32d33d8d191e21e03b738722d8aebc
- SSDEEP
  
  3072:W4GXazg/9iZLcYbLlrKcPWTE6+7F8y2XuskNinCar5hX2sTUOt1:EM8YbLlmyrJfDLinCOX2s
Score

10^/10

lumma smokeloader sprg backdoor discovery spyware stealer trojan
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummasmokeloadersprgbackdoordiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy