General
-
Target
b911e05ddb9ab5b9862d911c54299302b3b9e653dbf67046b6e05e3b1d86e524
-
Size
161KB
-
Sample
240417-qg2wwaad9z
-
MD5
557839fc5ebfba56af8a833a52faf104
-
SHA1
bcf2453601cbc92ca1b800625addff11891113f6
-
SHA256
b911e05ddb9ab5b9862d911c54299302b3b9e653dbf67046b6e05e3b1d86e524
-
SHA512
0db851548a177550c2f4d3c682e7db3c01b51cbab302f46fb6036f79d64540218d9e56d466413862f4a0921ea9491bab1932ff6208f8f6c6058217479245c102
-
SSDEEP
3072:/98Z8+4inWhEIF49trWiBhoP9NORvVCD8HkxYZ7/AVkwL5Jv2:/9yTWWX9tBglNOdVCD8HcYZTjwLzv2
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Extracted
lumma
https://greetclassifytalk.shop/api
https://entitlementappwo.shop/api
https://economicscreateojsu.shop/api
https://pushjellysingeywus.shop/api
https://absentconvicsjawun.shop/api
https://suitcaseacanehalk.shop/api
https://bordersoarmanusjuw.shop/api
https://mealplayerpreceodsju.shop/api
https://wifeplasterbakewis.shop/api
Targets
-
-
Target
20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3.exe
-
Size
312KB
-
MD5
540326cdda418bc16b3ef5eb9f14b24a
-
SHA1
15085220874365e6c95cb501c7973fc34d9eb7fd
-
SHA256
20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3
-
SHA512
e9aa792cffd04362c0b64cdbe5d8ca04a6180f40f561376f4e825f6d290dca3742cdff783e7550b3815302d5b75d2846771815e3c8e22117019f39ec997da86b
-
SSDEEP
3072:PfQrW+DOwR/lV+ZYY+EXd839mWsmBz6rHXUYznNuOuK:mGSVO1W39rFz6zXUY7cI
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2
-