General
-
Target
27f04984e78b3ea1c34863e4a68b97f41e657b63e4e380d30e156c671da33b30.exe
-
Size
1.8MB
-
Sample
241014-mr2gbaybrn
-
MD5
8569897ee9443f5c627e6d2ad2bb77f5
-
SHA1
da43149c0ef35db63b1a5e14848c215883fa39d1
-
SHA256
27f04984e78b3ea1c34863e4a68b97f41e657b63e4e380d30e156c671da33b30
-
SHA512
675120e788e8cd5b2c24f9c5ee8958609f5739c60624c0946c83ce1c68fb8a7779e2b17c2856b8451120ce1ca48b75612fdad410a73f33a731ce1b1dccd5ed8f
-
SSDEEP
49152:xaP7Jgyi2n4pJP3qClkhj99Z87+yDTGJPJf:xy7CioPlaj9b879eJPJf
Malware Config
Extracted
lumma
https://clearancek.site
https://licendfilteo.site
https://spirittunek.store
https://bathdoomgaz.store
https://studennotediw.store
https://dissapoiznw.store
https://eaglepawnoy.store
https://mobbipenju.store
Targets
-
-
Target
27f04984e78b3ea1c34863e4a68b97f41e657b63e4e380d30e156c671da33b30.exe
-
Size
1.8MB
-
MD5
8569897ee9443f5c627e6d2ad2bb77f5
-
SHA1
da43149c0ef35db63b1a5e14848c215883fa39d1
-
SHA256
27f04984e78b3ea1c34863e4a68b97f41e657b63e4e380d30e156c671da33b30
-
SHA512
675120e788e8cd5b2c24f9c5ee8958609f5739c60624c0946c83ce1c68fb8a7779e2b17c2856b8451120ce1ca48b75612fdad410a73f33a731ce1b1dccd5ed8f
-
SSDEEP
49152:xaP7Jgyi2n4pJP3qClkhj99Z87+yDTGJPJf:xy7CioPlaj9b879eJPJf
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-