General

  • Target

    e55b5b2a218fc83ea027ab59930a9bf2b782a551b589d420270b543a0695f3c0

  • Size

    2.9MB

  • Sample

    241112-abqcwsypbx

  • MD5

    e7e6833ef5a8fbbd7333eaabad3f3db7

  • SHA1

    5b97f5fa6ef52dd945fbd94c67e452668ccd9c89

  • SHA256

    e55b5b2a218fc83ea027ab59930a9bf2b782a551b589d420270b543a0695f3c0

  • SHA512

    e69dba1f42bff549e992fced4c01f2d130054ae86e93fd21b1272da077412127fb10cbff1eebc275a6864c3c93de219fcc44c1bb69b7b5443e4718a88c2b3155

  • SSDEEP

    49152:4AB/2/zdLCpBvS8uaEBdolIMQdPWpsi81IO9ZEV:40/kZLCpBvS8pEsIU0BvEV

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

https://opinieni.store

Targets

    • Target

      e55b5b2a218fc83ea027ab59930a9bf2b782a551b589d420270b543a0695f3c0

    • Size

      2.9MB

    • MD5

      e7e6833ef5a8fbbd7333eaabad3f3db7

    • SHA1

      5b97f5fa6ef52dd945fbd94c67e452668ccd9c89

    • SHA256

      e55b5b2a218fc83ea027ab59930a9bf2b782a551b589d420270b543a0695f3c0

    • SHA512

      e69dba1f42bff549e992fced4c01f2d130054ae86e93fd21b1272da077412127fb10cbff1eebc275a6864c3c93de219fcc44c1bb69b7b5443e4718a88c2b3155

    • SSDEEP

      49152:4AB/2/zdLCpBvS8uaEBdolIMQdPWpsi81IO9ZEV:40/kZLCpBvS8pEsIU0BvEV

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks