General

  • Target

    file.exe

  • Size

    2.9MB

  • Sample

    241031-bgm1dswbnh

  • MD5

    b46936cffdc42cdae5d2ac630d4d2ea3

  • SHA1

    a87e810985eb35b5350808a3adc7deb93971b454

  • SHA256

    d002a44cf998112f91a5a11bfde4320ab66cd0d21bab15b908827165df5b4fb6

  • SHA512

    8fec7fa2abd7d023224f57d27a843cd742aa5fdc988dcd353e679fc360bdc8da4e2f1bd75ea42c09f63a67f4f077633172620eb4909b3ed218b5b060f50511fe

  • SSDEEP

    24576:1Mhgt9ax/IZHpQjwUKKDGlRfq25v4hSmtafwLf/zVCHXhBo6+t4PnRzx+OZunF/p:1MS2x/SHp8AsS8a0KNPRx+OsBdCUwe/

Malware Config

Extracted

Family

lumma

C2

https://necklacedmny.store/api

https://founpiuer.store/api

https://navygenerayk.store/api

Targets

    • Target

      file.exe

    • Size

      2.9MB

    • MD5

      b46936cffdc42cdae5d2ac630d4d2ea3

    • SHA1

      a87e810985eb35b5350808a3adc7deb93971b454

    • SHA256

      d002a44cf998112f91a5a11bfde4320ab66cd0d21bab15b908827165df5b4fb6

    • SHA512

      8fec7fa2abd7d023224f57d27a843cd742aa5fdc988dcd353e679fc360bdc8da4e2f1bd75ea42c09f63a67f4f077633172620eb4909b3ed218b5b060f50511fe

    • SSDEEP

      24576:1Mhgt9ax/IZHpQjwUKKDGlRfq25v4hSmtafwLf/zVCHXhBo6+t4PnRzx+OZunF/p:1MS2x/SHp8AsS8a0KNPRx+OsBdCUwe/

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks