General

  • Target

    737914f47ca5ef34d3e8dd45ead3b2f9.exe

  • Size

    2.8MB

  • Sample

    241109-xlz2eazepc

  • MD5

    737914f47ca5ef34d3e8dd45ead3b2f9

  • SHA1

    ff8d38f33f90c42dd1a2e4182a1177584d12dcf8

  • SHA256

    abc1617f4a0b2b5ce9028128f6f03deb873fd8806162b7eb9eccd5ef77513b60

  • SHA512

    978e6d11368bd58c17db88a07c4463cd8350a5673f2699075a988a0aefa852973fa6e91b8b404f6b4d911cdde599d9ebbe668a75651edea2b98c78250056fe78

  • SSDEEP

    49152:kEqnMlqJH55U9Xwy97J6nM2nKvXcvq7yUSfKy+2+O:pqMluHHU9X197J6bWcvxUq+2+O

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Target

      737914f47ca5ef34d3e8dd45ead3b2f9.exe

    • Size

      2.8MB

    • MD5

      737914f47ca5ef34d3e8dd45ead3b2f9

    • SHA1

      ff8d38f33f90c42dd1a2e4182a1177584d12dcf8

    • SHA256

      abc1617f4a0b2b5ce9028128f6f03deb873fd8806162b7eb9eccd5ef77513b60

    • SHA512

      978e6d11368bd58c17db88a07c4463cd8350a5673f2699075a988a0aefa852973fa6e91b8b404f6b4d911cdde599d9ebbe668a75651edea2b98c78250056fe78

    • SSDEEP

      49152:kEqnMlqJH55U9Xwy97J6nM2nKvXcvq7yUSfKy+2+O:pqMluHHU9X197J6bWcvxUq+2+O

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks