General
Target: c927c73e4d841ba862c5b59614f352916e5fe7cda21e15981fbe76962f96ee8b.exe
Size: 1.8MB
Sample: 241013-hfjd5stdlg
MD5: f907ac2973a366e9e85859704efb6e28
SHA1: 0757b009e011b058055685bfa1bda242d3ed1d29
SHA256: c927c73e4d841ba862c5b59614f352916e5fe7cda21e15981fbe76962f96ee8b
SHA512: 2bdcda19c5554d681404f82045268dce78c005cc626067b811072fbdda6d957ca44dc0abc304971c52e6dd84ec03b7129b77e8488bf7d7318db744041b3cc68e
SSDEEP: 24576:8c4/BPEtrqY1YcJTfsPOIEU0dtqLtWiawYAU3YtncyOs9BX0LSFFYBMU3SutJ0n0:8zZo1Yif1dj2UiUYtpOA+4FFtmJ0n
Static task: static1
Behavioral task: behavioral1
Sample: c927c73e4d841ba862c5b59614f352916e5fe7cda21e15981fbe76962f96ee8b.exe
Resource: win7-20240903-en

Malware Config
Extracted: lumma
Targets
Target: c927c73e4d841ba862c5b59614f352916e5fe7cda21e15981fbe76962f96ee8b.exe (same sample and hashes as listed under General)

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)