General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    241112-wtqbha1nbn

  • MD5

    6fddc2de16b4e52b683845b0de57d268

  • SHA1

    79913b66c543fc2242de513e396bfada051ea9c1

  • SHA256

    df5d157f42f8ae124e54ff65eba0d51c8e4ffa8c74314ba2ca78ea0e7d18235d

  • SHA512

    d585321d10378ddfc341350c54b7643b2caf1be578d1b643496bfa3ec9529769017d015192c17791bd699b830e2fb2b5da626744d3a7cd970f8c0f803f28d2d4

  • SSDEEP

    49152:MqGA0nP0MrhXcQ2q++eXNB18OYfMq3qS55BK76yg:MN5rhXeq+d18TMq3qS55476

Malware Config

Extracted

Family

lumma

C2

https://3xc1aimbl0w.sbs/api

https://300snails.sbs/api

https://faintbl0w.sbs/api

https://thicktoys.sbs/api

Targets

    • Target

      file.exe

    • Size

      3.0MB

    • MD5

      6fddc2de16b4e52b683845b0de57d268

    • SHA1

      79913b66c543fc2242de513e396bfada051ea9c1

    • SHA256

      df5d157f42f8ae124e54ff65eba0d51c8e4ffa8c74314ba2ca78ea0e7d18235d

    • SHA512

      d585321d10378ddfc341350c54b7643b2caf1be578d1b643496bfa3ec9529769017d015192c17791bd699b830e2fb2b5da626744d3a7cd970f8c0f803f28d2d4

    • SSDEEP

      49152:MqGA0nP0MrhXcQ2q++eXNB18OYfMq3qS55BK76yg:MN5rhXeq+d18TMq3qS55476

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
