lumma | f6e95952e81342fa9cc372254d14ca93a7adda8ecf77cbf2ca4d8226dd36a92c

General

Target

f6e95952e81342fa9cc372254d14ca93a7adda8ecf77cbf2ca4d8226dd36a92c
Size

241KB
Sample

240416-3zrvvaga36
MD5

a7a5dae3aa5eae5ad11274237e907009
SHA1

da2bee687f4d91f11ae65ea618a54bace452c9d1
SHA256

f6e95952e81342fa9cc372254d14ca93a7adda8ecf77cbf2ca4d8226dd36a92c
SHA512

b888c8868a72388f97287b3fe88060f7aed809cdd67d98dd10117b6ef3e1d436b11d871049644f3189d04abba6692f4a453d646b8a45548b08220e85c8454c5b
SSDEEP

3072:xmLy2/2aSLQscL19RJsqU8KiK1pyo5OzvZFgv3Ob:cLy2/7FsU1tsqU85KMTZFgv3U

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

5.42.65.50:33080

Extracted

Family

lumma

C2

https://greetclassifytalk.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

- Target
  
  f6e95952e81342fa9cc372254d14ca93a7adda8ecf77cbf2ca4d8226dd36a92c
- Size
  
  241KB
- MD5
  
  a7a5dae3aa5eae5ad11274237e907009
- SHA1
  
  da2bee687f4d91f11ae65ea618a54bace452c9d1
- SHA256
  
  f6e95952e81342fa9cc372254d14ca93a7adda8ecf77cbf2ca4d8226dd36a92c
- SHA512
  
  b888c8868a72388f97287b3fe88060f7aed809cdd67d98dd10117b6ef3e1d436b11d871049644f3189d04abba6692f4a453d646b8a45548b08220e85c8454c5b
- SSDEEP
  
  3072:xmLy2/2aSLQscL19RJsqU8KiK1pyo5OzvZFgv3Ob:cLy2/7FsU1tsqU85KMTZFgv3U
Score

10^/10

lumma redline smokeloader xmrig logsdiller cloud (telegram: @logsdillabot)pub1 backdoor discovery evasion infostealer miner persistence spyware stealer themida trojan upx vmprotect
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Stops running service(s)
  evasion
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2