General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    241108-3mpjys1qds

  • MD5

    f112a427f92fbbdcf8c67f77639396cb

  • SHA1

    307a27c2f5e2af41a64a84c571c1c29043d2fab8

  • SHA256

    5a4b8a265b4512cc6a8b192587a5c4c60f689165a6f75ec03c12cef3360355d1

  • SHA512

    281ee1cf26ba6f85dfa53f8c9305a63d66244e3f48b834e88b608391efbeda864f2862bc9efd944c0fbbdf0b9ac1cf96c73db53fb6aa35eb09ea04e810be3114

  • SSDEEP

    49152:QZCdvrrE3wiLRGf3O2xqYIkAHdf81HpaSvggKJff5OGm:HjDiLRC+28YIkAHd01gS9kf5O

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Target

      file.exe

    • Size

      3.0MB

    • MD5

      f112a427f92fbbdcf8c67f77639396cb

    • SHA1

      307a27c2f5e2af41a64a84c571c1c29043d2fab8

    • SHA256

      5a4b8a265b4512cc6a8b192587a5c4c60f689165a6f75ec03c12cef3360355d1

    • SHA512

      281ee1cf26ba6f85dfa53f8c9305a63d66244e3f48b834e88b608391efbeda864f2862bc9efd944c0fbbdf0b9ac1cf96c73db53fb6aa35eb09ea04e810be3114

    • SSDEEP

      49152:QZCdvrrE3wiLRGf3O2xqYIkAHdf81HpaSvggKJff5OGm:HjDiLRC+28YIkAHd01gS9kf5O

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks