General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    241108-qaccmsshjp

  • MD5

    0203f6b9191cd21d402ee7ca1386cd3f

  • SHA1

    bc2a7018832ed77b3fd94802d3986c903018ad5f

  • SHA256

    54d0a6062d97cb3c494cc2b253a1d8a4636e0260826b60d5a9909e17e625ea7d

  • SHA512

    ea4325f2430a77c9b5035a74a9137be17798b129477d5feeae4840b276924885433dc0f3b9d0b70ccdf55e31c2d81931fbcf215417d46632de2b46a45570aaa0

  • SSDEEP

    49152:GIIYfTVcxT4tKmfH+3oS4B4q9IZXlqikRGhOkOhbTo:GGTV90mfeYS4B4qoQ/RG4hY

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Target

      file.exe

    • Size

      3.0MB

    • MD5

      0203f6b9191cd21d402ee7ca1386cd3f

    • SHA1

      bc2a7018832ed77b3fd94802d3986c903018ad5f

    • SHA256

      54d0a6062d97cb3c494cc2b253a1d8a4636e0260826b60d5a9909e17e625ea7d

    • SHA512

      ea4325f2430a77c9b5035a74a9137be17798b129477d5feeae4840b276924885433dc0f3b9d0b70ccdf55e31c2d81931fbcf215417d46632de2b46a45570aaa0

    • SSDEEP

      49152:GIIYfTVcxT4tKmfH+3oS4B4q9IZXlqikRGhOkOhbTo:GGTV90mfeYS4B4qoQ/RG4hY

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks