General

  • Target

    dcd5ab5063f5498fb2dd077bfa2490f046cf91ff5c7fde3ddcee2faef087ca6fN

  • Size

    3.0MB

  • Sample

    241108-tnn55svfmb

  • MD5

    6a811d032fe3feb1d20c7d531b430c70

  • SHA1

    b9f31f21dbeb13356fc216c6ad20f4a016672807

  • SHA256

    dcd5ab5063f5498fb2dd077bfa2490f046cf91ff5c7fde3ddcee2faef087ca6f

  • SHA512

    20d03a25c9beda734d39e8eaf170636cb1d66361705dc63a46bac9e926af8ae7003247e6c6aba11989b094fa6dc75074be095dec1139379a97585cf96d802db8

  • SSDEEP

    49152:VyuCbGHL7cgdHWvSjZUQ1X42jU/LscD77y1Twju:VyufHfcgdHWwzCyq77sTwju

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks