Resubmissions

08/11/2024, 14:33

241108-rwz69ssrf1 10

08/11/2024, 14:30

241108-rvhwlatgjm 10

General

  • Target

    70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7N

  • Size

    2.8MB

  • Sample

    241108-rwz69ssrf1

  • MD5

    ac184422dacac5a48f36b3974bf132b0

  • SHA1

    38582d5a75766079a8da322b9c5928e8de448574

  • SHA256

    70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7

  • SHA512

    6d9558b9d87c5bc15659303795c55bea06355fd7eed931969898980f9b6923a3eb1f1063e61c45f5d007c0059ca35d108ef189e246bf0e91f7e4c07cd0259161

  • SSDEEP

    49152:8cS10JHLagv1re3KnXL6p0Qw+VFfDUfzlyAij:8v1wu+1re3Kn+pfwcQ74dj

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Target

      70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7N

    • Size

      2.8MB

    • MD5

      ac184422dacac5a48f36b3974bf132b0

    • SHA1

      38582d5a75766079a8da322b9c5928e8de448574

    • SHA256

      70f1ef13e02086ef05f82e098684135f79295a8493f0174ec96dda7b894120f7

    • SHA512

      6d9558b9d87c5bc15659303795c55bea06355fd7eed931969898980f9b6923a3eb1f1063e61c45f5d007c0059ca35d108ef189e246bf0e91f7e4c07cd0259161

    • SSDEEP

      49152:8cS10JHLagv1re3KnXL6p0Qw+VFfDUfzlyAij:8v1wu+1re3Kn+pfwcQ74dj

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks