General
Target: 8a13c6e39dc4ca5a2368efd2d0a9fdad9f08898836aa6dca215913038819e0d1.exe
Size: 1.8MB
Sample: 241013-bvt1vssclh
MD5: afb9dcc0aa332a544a4d456ca69c5756
SHA1: 647b534700b635e25fcd686815dce09d60a9c373
SHA256: 8a13c6e39dc4ca5a2368efd2d0a9fdad9f08898836aa6dca215913038819e0d1
SHA512: 5bc5344670cbf8f65c56bd19c51e92208c331c34863352bd31703e0cd75229fb15cdd22374a801c570ea5ef1fca2334f39186644aa40943b6c1f5c1c9827ae16
SSDEEP: 49152:vuxOEj4tzhR2yWn1DaUMC4e0TLsbC6nBDQrGNT+fop:NEj4tzGunRMT6rGi4
Static task: static1
Behavioral task: behavioral1
Sample: 8a13c6e39dc4ca5a2368efd2d0a9fdad9f08898836aa6dca215913038819e0d1.exe
Resource: win7-20240903-en
Malware Config
Extracted family: lumma
C2 URLs:
- https://clearancek.site
- https://licendfilteo.site
- https://spirittunek.store
- https://bathdoomgaz.store
- https://studennotediw.store
- https://dissapoiznw.store
- https://eaglepawnoy.store
- https://mobbipenju.store
Targets
Target: 8a13c6e39dc4ca5a2368efd2d0a9fdad9f08898836aa6dca215913038819e0d1.exe (1.8MB; hashes as listed under General)
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion:
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)