General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    241109-a879zateml

  • MD5

    46bb8ee0ef04ada26933a53068d83cf5

  • SHA1

    0d3166ca3b346e5a41614d7ddf7d90e1002c6ec4

  • SHA256

    d6ec39a61882bd8ccdb1c7a0b5a602baa3d9fd7120a19631014f46bc7c62d4a3

  • SHA512

    45c17426173cea8d096c5a0dff02a0314b27a21fea69363abc805f86aaad2beea8f9514bd45058ad736fc40155cc90c704d286e894f10f98f88ca39a72934e68

  • SSDEEP

    49152:kp0DgI5eO673jtCDKkiss+a0LKtaqegQFXRzbES:ki77673jtCupL+egIQFBvt

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++ that was first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks