General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    241112-sn1y9stqg1

  • MD5

    75a98c00f500d328184f3af8ce2fda18

  • SHA1

    84da1b3544db559bd1a5fe224356a8fb83ccfdf1

  • SHA256

    19731e588d54513d92409d70de34207b3748e67a04a2efb40b7177d09c3cc224

  • SHA512

    fcd4009e27370b050534f9e2f060c8cdd614b09e7d2bf72f829dafb58fb5dac53e21ff2249eb6d68f46c5300ac5f7e4c78735c0240d19a1aa8940a4b5ad04d0d

  • SSDEEP

    98304:2XdwVfbPh8h7zqenjMzjHP05vNYm0wLs8:IdwVaVYas

Malware Config

  • Extracted

  • Family

    lumma

  • C2

    https://thicktoys.sbs/api

    https://3xc1aimbl0w.sbs/api

    https://300snails.sbs/api

    https://faintbl0w.sbs/api

Targets

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15