General
-
Target
98fa0e17ea818e689331e5e1396d5e71aa9f8faadb0268ef56def6604f5ca054
-
Size
1.8MB
-
Sample
241014-fpmrtatfkj
-
MD5
a99c5b695af2f3ccb3a25a076a109e3c
-
SHA1
b6184320fee2973c848f47a8eb5bbe297e0105e2
-
SHA256
98fa0e17ea818e689331e5e1396d5e71aa9f8faadb0268ef56def6604f5ca054
-
SHA512
6849371a2b2db72ab62559a3e3438da77ffebf06b799e8b120650a0cbfb40a85383179f559c2c09225ae3147941acc51e0f8926f3cf3ae5ec5c3f96e5a3a89b5
-
SSDEEP
49152:8EBU/0b3WSMuQs0VW4ihPcVqlPgRwkAD4Bk7/aG:88ex7ZihPcwlStXE
Malware Config
Extracted
lumma
https://clearancek.site
https://licendfilteo.site
https://spirittunek.store
https://bathdoomgaz.store
https://studennotediw.store
https://dissapoiznw.store
https://eaglepawnoy.store
https://mobbipenju.store
Targets
-
-
Target
98fa0e17ea818e689331e5e1396d5e71aa9f8faadb0268ef56def6604f5ca054
-
Size
1.8MB
-
MD5
a99c5b695af2f3ccb3a25a076a109e3c
-
SHA1
b6184320fee2973c848f47a8eb5bbe297e0105e2
-
SHA256
98fa0e17ea818e689331e5e1396d5e71aa9f8faadb0268ef56def6604f5ca054
-
SHA512
6849371a2b2db72ab62559a3e3438da77ffebf06b799e8b120650a0cbfb40a85383179f559c2c09225ae3147941acc51e0f8926f3cf3ae5ec5c3f96e5a3a89b5
-
SSDEEP
49152:8EBU/0b3WSMuQs0VW4ihPcVqlPgRwkAD4Bk7/aG:88ex7ZihPcwlStXE
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2