lumma | 7509ea45ab058a6242b876415a9bfdc5b7457e2b9855eea7c3c363e0cb80e86f | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

7509ea45ab058a6242b876415a9bfdc5b7457e2b9855eea7c3c363e0cb80e86f
Size

250KB
Sample

230323-lhhr6sgf8w
MD5

27347c06e249accdd820c1ea70008c8b
SHA1

69800d4b0163d6d33f33198b0efd9391a39b4c64
SHA256

7509ea45ab058a6242b876415a9bfdc5b7457e2b9855eea7c3c363e0cb80e86f
SHA512

5ffa342a7cc6c5603214f9a74596779137ea3edcab513807c3bfbf5090e4c48e9e885f4c32d5d4c2bfd050559bc9d53138a19f477f5f7487930ec5db16e6f7ee
SSDEEP

3072:Y8Oaz0PfBrE1cYpLVr6T9abxY7w1isW754uXiRAElR0XPO5h84K49:sM4YpLVW0beQK75XiRA1Cr

Score

10^/10

lumma smokeloader sprg backdoor discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

7509ea45ab058a6242b876415a9bfdc5b7457e2b9855eea7c3c363e0cb80e86f.exe

Resource

win10v2004-20230220-en

lumma smokeloader sprg backdoor discovery spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  7509ea45ab058a6242b876415a9bfdc5b7457e2b9855eea7c3c363e0cb80e86f
- Size
  
  250KB
- MD5
  
  27347c06e249accdd820c1ea70008c8b
- SHA1
  
  69800d4b0163d6d33f33198b0efd9391a39b4c64
- SHA256
  
  7509ea45ab058a6242b876415a9bfdc5b7457e2b9855eea7c3c363e0cb80e86f
- SHA512
  
  5ffa342a7cc6c5603214f9a74596779137ea3edcab513807c3bfbf5090e4c48e9e885f4c32d5d4c2bfd050559bc9d53138a19f477f5f7487930ec5db16e6f7ee
- SSDEEP
  
  3072:Y8Oaz0PfBrE1cYpLVr6T9abxY7w1isW754uXiRAElR0XPO5h84K49:sM4YpLVW0beQK75XiRA1Cr
Score

10^/10

lumma smokeloader sprg backdoor discovery spyware stealer trojan
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummasmokeloadersprgbackdoordiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy