General

  • Target

    a105e53b26d14ee11b4099ca980c3a66.bin

  • Size

    6.0MB

  • Sample

    240116-dwzc3sdbc5

  • MD5

    c2795a045eeba06494145823c6929a6a

  • SHA1

    7825145cf3e0a66e9534b661fc17318f30cb3bdf

  • SHA256

    b0e34d0561a6b7b89f55141b47cabacdea722767f9d64e141c0f3f73ecf881c9

  • SHA512

    78dfd86e55277cc985ccc2fcce9e3cdf28ef07bc2bb918c11049df2a05e2781e393a9e8a0b1cdf57fddfab1711fe85bbeab98f048a6fbb6400c1e2b6a3e1b9da

  • SSDEEP

    196608:6S3w8l1mYK6OHxFKqpjYxZYVXW+5NKUqgUcx:P3xlsYKJyq+ZX+GIUcx

Malware Config

Extracted

Family

lumma

C2

https://goddirtybrilliancece.fun/api

Targets

    • Target

      516fdf7133fbdf91f3cc3ced81bef7ea2c44e18bc2c132c64805b424664f3e0c.exe

    • Size

      6.2MB

    • MD5

      a105e53b26d14ee11b4099ca980c3a66

    • SHA1

      3401dacbb0c70761ca17b05669e7d45adcfe5c94

    • SHA256

      516fdf7133fbdf91f3cc3ced81bef7ea2c44e18bc2c132c64805b424664f3e0c

    • SHA512

      1c2fb1e52179cc54b67ad34ca990d612862b0cb2cc63b28c110b2448221d72131ad70cb4043ab566a0eb01626216ba3f036dcdb868a2c27ef67207cb3c23cfde

    • SSDEEP

      196608:uXaNgTf9diZv0BM4rd9zCpBYKP7I/KlSPaM:uRTf20zrvzCnYe7I/KlCaM

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks