General

  • Target

    b6799aca63fab7c42be7a5b759aa609a165937735d0e9ec284ec246097197bfd

  • Size

    2.9MB

  • Sample

    241112-wqxamsxjet

  • MD5

    c7b6f2f5f665a34731424c6803b0eb19

  • SHA1

    ae04d0016aeb061617b8a6638103f9d8f439f970

  • SHA256

    b6799aca63fab7c42be7a5b759aa609a165937735d0e9ec284ec246097197bfd

  • SHA512

    bcd9fb0bef213aad1c244fb5b3a15307f930e321feead332c587058118d70146112dcc5d67375056b86c7dfd7b573a3b06c90e40efe904ecb9cc55620ce8daf7

  • SSDEEP

    49152:hcaHSsFgA+6wR8KSiqWuXX0LSrQxgbBdCycgelPERP3eo/G18ZoE:fXZ+6wR8K7ruH2S8mbBsycgiAmo/G1KL

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      b6799aca63fab7c42be7a5b759aa609a165937735d0e9ec284ec246097197bfd

    • Size

      2.9MB

    • MD5

      c7b6f2f5f665a34731424c6803b0eb19

    • SHA1

      ae04d0016aeb061617b8a6638103f9d8f439f970

    • SHA256

      b6799aca63fab7c42be7a5b759aa609a165937735d0e9ec284ec246097197bfd

    • SHA512

      bcd9fb0bef213aad1c244fb5b3a15307f930e321feead332c587058118d70146112dcc5d67375056b86c7dfd7b573a3b06c90e40efe904ecb9cc55620ce8daf7

    • SSDEEP

      49152:hcaHSsFgA+6wR8KSiqWuXX0LSrQxgbBdCycgelPERP3eo/G18ZoE:fXZ+6wR8K7ruH2S8mbBsycgiAmo/G1KL

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks