General

  • Target

    140c4cc35e12d280fd72a61d62e53221.exe

  • Size

    4.0MB

  • Sample

    241031-1ed25svqbn

  • MD5

    140c4cc35e12d280fd72a61d62e53221

  • SHA1

    fe590ab3be434b74f643fbc9972d2f0cc44351d7

  • SHA256

    1e9928ca23eb356b43f03adc13f2c2aa9f7d18a5b832973ebbee5b0a77574022

  • SHA512

    29dc14c1481b15cb3ce7cb7fac9ba72df1a78163d544d454a2612c727e351deef0136880bc0c6042db86fd94bba710422169b9fbb762e7bb7c9c3a3d314cd228

  • SSDEEP

    98304:XLGBD+v2B6JLQBuZwc/nExG4Wu9yeP05dCkAoJ3TFD:XLCav2IGuZ3+59yePvxoHD

Malware Config

Extracted

Family

lumma

C2

https://goalyfeastz.site/api

https://contemteny.site/api

https://dilemmadu.site/api

https://authorisev.site/api

Targets

    • Target

      140c4cc35e12d280fd72a61d62e53221.exe

    • Size

      4.0MB

    • MD5

      140c4cc35e12d280fd72a61d62e53221

    • SHA1

      fe590ab3be434b74f643fbc9972d2f0cc44351d7

    • SHA256

      1e9928ca23eb356b43f03adc13f2c2aa9f7d18a5b832973ebbee5b0a77574022

    • SHA512

      29dc14c1481b15cb3ce7cb7fac9ba72df1a78163d544d454a2612c727e351deef0136880bc0c6042db86fd94bba710422169b9fbb762e7bb7c9c3a3d314cd228

    • SSDEEP

      98304:XLGBD+v2B6JLQBuZwc/nExG4Wu9yeP05dCkAoJ3TFD:XLCav2IGuZ3+59yePvxoHD

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks