General

  • Target

    15641797ef42cdd59d4daac7280978f901893a2067704ab32069f7b6695273ec

  • Size

    3.0MB

  • Sample

    241112-wspnksyblk

  • MD5

    d2ff40f1300d2bb13d82522b2493f815

  • SHA1

    226b5de78f2d9c1bdca53be393526ad8b9dcddd0

  • SHA256

    15641797ef42cdd59d4daac7280978f901893a2067704ab32069f7b6695273ec

  • SHA512

    bbde230491d58390212cf4ce5d0c156eab820c3415e6001deaecabfcb6e6da04f038dee8f35adec75372ccb4dd4e300bea5ba1353c0fe9bfd6e5588981a0458f

  • SSDEEP

    49152:JgQ4E3I0YueBUyfh6JRNXW0DqQdOyqntFW5nHmnEd:C83I0YueBUyfh6JRw0D3dx0tYNuE

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      15641797ef42cdd59d4daac7280978f901893a2067704ab32069f7b6695273ec

    • Size

      3.0MB

    • MD5

      d2ff40f1300d2bb13d82522b2493f815

    • SHA1

      226b5de78f2d9c1bdca53be393526ad8b9dcddd0

    • SHA256

      15641797ef42cdd59d4daac7280978f901893a2067704ab32069f7b6695273ec

    • SHA512

      bbde230491d58390212cf4ce5d0c156eab820c3415e6001deaecabfcb6e6da04f038dee8f35adec75372ccb4dd4e300bea5ba1353c0fe9bfd6e5588981a0458f

    • SSDEEP

      49152:JgQ4E3I0YueBUyfh6JRNXW0DqQdOyqntFW5nHmnEd:C83I0YueBUyfh6JRw0D3dx0tYNuE

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks