General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    241108-1c14wssphl

  • MD5

    cab3da58169117d6b2b118dfd42908df

  • SHA1

    b405fa5f68e74860bac3a0bdbb4a843beba15320

  • SHA256

    5666372b2e14e57565845f13137b74f2e15f61e96f1accd7b0fb041fc5ffaf52

  • SHA512

    04c0bcef27d0aaf78fa3d3a1ec5eb2f65c91bf25762d789a04a741519ccebbb74b1240065a5f47076d438b8d577906543d5ccd11a32fd128a97e7cbfbf9ed76f

  • SSDEEP

    49152:RB6AjzEpL9b25V+GvrRwcsWt3HQpPaJpyu5PIFHtLKsyhKMprRLC:rfjzE59bIV+GvrLsW+pyJpyoyksGRL

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Target

      file.exe

    • Size

      3.0MB

    • MD5

      cab3da58169117d6b2b118dfd42908df

    • SHA1

      b405fa5f68e74860bac3a0bdbb4a843beba15320

    • SHA256

      5666372b2e14e57565845f13137b74f2e15f61e96f1accd7b0fb041fc5ffaf52

    • SHA512

      04c0bcef27d0aaf78fa3d3a1ec5eb2f65c91bf25762d789a04a741519ccebbb74b1240065a5f47076d438b8d577906543d5ccd11a32fd128a97e7cbfbf9ed76f

    • SSDEEP

      49152:RB6AjzEpL9b25V+GvrRwcsWt3HQpPaJpyu5PIFHtLKsyhKMprRLC:rfjzE59bIV+GvrLsW+pyJpyoyksGRL

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks