General

  • Target

    0e3c053cccd97dc93b91dc9ceb00be01.bin

  • Size

    1.7MB

  • Sample

    241109-bc5pmssqez

  • MD5

    cf74190372b8ad8973853e7f8aa8bb2c

  • SHA1

    5638b4fe23197472181a4a1da553c9d1646bdc3f

  • SHA256

    797b1df478c60c94379464e6a4a4caa4038ad8bba44acc9c48d4559fca653655

  • SHA512

    6376d6c7b67dce0f248ee5800e1e36585ecab34723c69e8b50c5ba9b75add42a1199279eb1e22f8c3fbd2c3383825d2524c180edfa2cd37ed5362f70f279e36a

  • SSDEEP

    24576:5mJ3vJ3Y+RFrK7bhflXrgNmkyu8d+/VVSMxcVDmFqsdeGjBkL/uWsDOjT4eH7Fs:slK7bB1kQFu+AeMx7FV6buWsDOx7q

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Target

      49317d725402f77e1253f32873158186473a7daf785786b3b310fc9dc8ba6121.exe

    • Size

      3.0MB

    • MD5

      0e3c053cccd97dc93b91dc9ceb00be01

    • SHA1

      c10ac13c4971781eeea01991b0fec0d474c95a98

    • SHA256

      49317d725402f77e1253f32873158186473a7daf785786b3b310fc9dc8ba6121

    • SHA512

      5aae1bcfab4c3c03bb5c55b2b7030b581663f7c80bd7734ca7c84cd72f8dbd93dc61e4c5ace92cf737e1da95eed7d69d08eaa7e0960bad6d3253b0f6cd4c37c9

    • SSDEEP

      24576:TNmpb83iuPJexaH3AIOPJBimQ0qnYkoNw+c1zuAVtKu8lNpYzVNVA3TcAES7dsFr:BmpbQPoacPaGE1YlYzF1aSF5d

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks