General

  • Target

    ef98ef7b237c47e0d3dfc8e64dad955c4a3c3a5ffa8ff524d59c5f0135d18533.exe

  • Size

    2.9MB

  • Sample

    241110-dq9xmaydqa

  • MD5

    e4680563d6cf072a53a06a48f15e551c

  • SHA1

    7cdc2a70c955fa540144d2e9ce7229d34e432fb8

  • SHA256

    ef98ef7b237c47e0d3dfc8e64dad955c4a3c3a5ffa8ff524d59c5f0135d18533

  • SHA512

    e507e6f753a2fc3f8aff5994fa559098af383dae82f838935974563c49ffa88170078a760dbced97762341f5ffb177355fe6d6da5cc8203baa7225e1038914b1

  • SSDEEP

    49152:H+v7kUxpFSMnGRhclxVytL1C0kZEoopaC246xT0I1:H+v7kUxpM2GRh3tBBkropzt6x

Malware Config

Extracted

Family

lumma

C2

https://navygenerayk.store/api

Targets

    • Target

      ef98ef7b237c47e0d3dfc8e64dad955c4a3c3a5ffa8ff524d59c5f0135d18533.exe

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
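
The four behavioural signatures above are what a sandbox derives from the sample's API trace. The following is an added example (not part of this report or of any sandbox's own rule set) that replays constructed API events against small rules mirroring those signatures. The log lines are constructed, the `<api> <json args>` line format is an assumption, and the registry paths (the VBOX__ ACPI tables, the SystemBiosVersion/VideoBiosVersion values, and Software\Wine) are the commonly documented artefacts for each check, not values quoted by this report.

```python
"""Replay sandbox API events against rules mirroring this report's
anti-VM / anti-debug signatures (added example; the log lines below
are constructed and the registry paths are assumed, not from the report)."""
import json
import re

# ThreadInformationClass value for ThreadHideFromDebugger (documented constant).
THREAD_HIDE_FROM_DEBUGGER = 0x11

REGISTRY_APIS = {"NtOpenKey", "NtQueryValueKey", "RegOpenKeyExW", "RegQueryValueExW"}

# Assumed artefacts: well-known VirtualBox/BIOS/Wine registry locations that
# the named signatures typically look for; the report itself lists no paths.
REGISTRY_RULES = {
    "Identifies VirtualBox via ACPI registry values": [
        re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    ],
    "Checks BIOS information in registry": [
        re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I),
        re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I),
    ],
    "Identifies Wine through registry keys": [
        re.compile(r"^HK(CU|LM)\\Software\\Wine(\\|$)", re.I),
    ],
}
THREAD_RULE = "Suspicious use of NtSetInformationThreadHideFromDebugger"


def normalize_key(path):
    """Map native (\\REGISTRY\\...) and long hive names onto HKLM / HKCU."""
    path = re.sub(r"^\\REGISTRY\\MACHINE\\", r"HKLM\\", path, flags=re.I)
    path = re.sub(r"^\\REGISTRY\\USER\\S-[\d-]+\\", r"HKCU\\", path, flags=re.I)
    path = re.sub(r"^HKEY_LOCAL_MACHINE\\", r"HKLM\\", path, flags=re.I)
    path = re.sub(r"^HKEY_CURRENT_USER\\", r"HKCU\\", path, flags=re.I)
    return path


def parse_log(text):
    """Each line: '<api> <json args>' (assumed format). Returns [(api, args), ...]."""
    events = []
    for line in text.strip().splitlines():
        api, _, raw = line.partition(" ")
        events.append((api, json.loads(raw)))
    return events


def match_signatures(events):
    """Return {signature: [evidence, ...]} for every rule at least one event hits."""
    hits = {}
    for api, args in events:
        if api in REGISTRY_APIS:
            # Combine key and value name so value-level rules can match.
            full = normalize_key(args["key"])
            if args.get("value"):
                full += "\\" + args["value"]
            for name, patterns in REGISTRY_RULES.items():
                if any(p.search(full) for p in patterns):
                    hits.setdefault(name, []).append(f"{api} {full}")
        elif api == "NtSetInformationThread" and args.get("class") == THREAD_HIDE_FROM_DEBUGGER:
            hits.setdefault(THREAD_RULE, []).append(
                f"{api} class=0x{args['class']:x} thread={args['thread']}")
    return hits


# Constructed log, not captured from the sample: three evasion probes, one
# hide-from-debugger call, and two benign control events that must not fire.
SAMPLE_LOG = r'''
NtOpenKey {"key": "\\REGISTRY\\MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__"}
NtQueryValueKey {"key": "HKLM\\HARDWARE\\DESCRIPTION\\System", "value": "SystemBiosVersion"}
NtOpenKey {"key": "\\REGISTRY\\USER\\S-1-5-21-1004336348-1177238915-682003330-1001\\Software\\Wine"}
NtSetInformationThread {"thread": "0xfffffffe", "class": 17}
NtQueryValueKey {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "OneDrive"}
NtSetInformationThread {"thread": "0xfffffffe", "class": 2}
'''

if __name__ == "__main__":
    for name, evidence in match_signatures(parse_log(SAMPLE_LOG)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The native `\REGISTRY\MACHINE` and per-SID `\REGISTRY\USER\S-...` forms are normalised before matching because Nt-level traces report paths that way while documented artefact lists use the HKLM/HKCU shorthand; the two control events (a Run key read and a ThreadPriority call) show that the rules key on the specific values and information class rather than on the API name alone.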

MITRE ATT&CK Enterprise v15

Tasks