lumma | b15800d9e86b483c3c2473e20255c247c4879c5d9305590b2eb779871bb136fb | Triage

Submit
Reports

Overview

overview

Static

static

3

08335bdd48...15.exe

windows7-x64

7

08335bdd48...15.exe

windows10-2004-x64

Sharing

General

Target

08335bdd48a24722cad27405aa41b915.exe
Size

2.5MB
Sample

231228-hs7x9safgm
MD5

08335bdd48a24722cad27405aa41b915
SHA1

176854b69dfab7ec3520e25f90dbc516ff7672d4
SHA256

b15800d9e86b483c3c2473e20255c247c4879c5d9305590b2eb779871bb136fb
SHA512

4897e5818a582646991560b19c32db33aaf0dada0051bd258d153a4234a648be9b4521079fde3041188ddca74005da36ffbacfee6c25947cda6a61aa6b1f148b
SSDEEP

49152:GDKeuUS/fe2a2AN8jrqXgOWqaSyJYhZcn3uOoaX6uKP5P0z4YxAwuLNKRUqHyuHg:QK5UUeOk8jrqXLyW3yuIQKhSwuRWSaHH

Score

10^/10

lumma redline smokeloader stealc 777 up3 backdoor evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

08335bdd48a24722cad27405aa41b915.exe

Resource

win7-20231129-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

08335bdd48a24722cad27405aa41b915.exe

Resource

win10v2004-20231222-en

lumma redline smokeloader stealc 777 up3 backdoor evasion infostealer persistence stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://185.215.113.68/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

stealc

C2

http://5.42.66.58

Attributes

url_path
/3886d2276f6914c4.php

rc4.plain

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

777

C2

195.20.16.103:20440

Targets

- Target
  
  08335bdd48a24722cad27405aa41b915.exe
- Size
  
  2.5MB
- MD5
  
  08335bdd48a24722cad27405aa41b915
- SHA1
  
  176854b69dfab7ec3520e25f90dbc516ff7672d4
- SHA256
  
  b15800d9e86b483c3c2473e20255c247c4879c5d9305590b2eb779871bb136fb
- SHA512
  
  4897e5818a582646991560b19c32db33aaf0dada0051bd258d153a4234a648be9b4521079fde3041188ddca74005da36ffbacfee6c25947cda6a61aa6b1f148b
- SSDEEP
  
  49152:GDKeuUS/fe2a2AN8jrqXgOWqaSyJYhZcn3uOoaX6uKP5P0z4YxAwuLNKRUqHyuHg:QK5UUeOk8jrqXLyW3yuIQKhSwuRWSaHH
Score

10^/10

persistence lumma redline smokeloader stealc 777 up3 backdoor evasion infostealer stealer trojan
- Detect Lumma Stealer payload V4
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

lummaredlinesmokeloaderstealc777up3backdoorevasioninfostealerpersistencestealertrojan

© 2018-2024

Terms | Privacy