General

  • Target

    079b65ebaa7a38efa0cc471ae0851c94fd1595b6c8b492244838185cf3050af3N.exe

  • Size

    2.8MB

  • Sample

    241111-2s8pcayelk

  • MD5

    bbd06d43f54dba9afdc4ba341813bcad

  • SHA1

    887df3d2f5abfa19e124fff302c6da27454aebe0

  • SHA256

    bf0f27c39694b09d3e2129c74065fc18d3a3b4b9ce3c708dc9e1f43e510933b6

  • SHA512

    39eae934fc24801885dfb096009def5091b3a32d79df53fa84fa769044bb404db21356947fde31600adb34e1d4afee5c5dcd792320c5d461e5c0aa9257a64482

  • SSDEEP

    49152:TjKGQjjgdGqXf2Cs2NL1cbZPvvwV513dWA/RIimlDbFQWaPg:aG7GqXf2Cs2NL1m4H2A/RjmlDhGPg

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

https://opinieni.store

Targets

    • Target

      079b65ebaa7a38efa0cc471ae0851c94fd1595b6c8b492244838185cf3050af3N.exe

    • Size

      2.8MB

    • MD5

      bbd06d43f54dba9afdc4ba341813bcad

    • SHA1

      887df3d2f5abfa19e124fff302c6da27454aebe0

    • SHA256

      bf0f27c39694b09d3e2129c74065fc18d3a3b4b9ce3c708dc9e1f43e510933b6

    • SHA512

      39eae934fc24801885dfb096009def5091b3a32d79df53fa84fa769044bb404db21356947fde31600adb34e1d4afee5c5dcd792320c5d461e5c0aa9257a64482

    • SSDEEP

      49152:TjKGQjjgdGqXf2Cs2NL1cbZPvvwV513dWA/RIimlDbFQWaPg:aG7GqXf2Cs2NL1m4H2A/RjmlDhGPg

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks