General

  • Target

    c3c2024e7fe56a636144ba8541554e46f8c558d92620763cc0b382d9860e13c9

  • Size

    3.1MB

  • Sample

    241112-x5lywszbkp

  • MD5

    af61df2e64cc0a9fb7af4c3db55f6cd9

  • SHA1

    466d26398628eef7b53f0f3b5dd9ec29a3d526b5

  • SHA256

    c3c2024e7fe56a636144ba8541554e46f8c558d92620763cc0b382d9860e13c9

  • SHA512

    a35b730faa70dc371a4c50db229a18d4527ba7195618e8732a5d6e4e9b7e2cde9327ee4bdc3970d643386c244dfb54c9550355d0de01e093354a350fc81ca59d

  • SSDEEP

    49152:FS4P1wimWGQfmnqvjtVd1mlQbtR/1rKNZzMNL4NStU:FS4d/vUqLtVd1CiR9mxzNSy

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      c3c2024e7fe56a636144ba8541554e46f8c558d92620763cc0b382d9860e13c9

    • Size

      3.1MB

    • MD5

      af61df2e64cc0a9fb7af4c3db55f6cd9

    • SHA1

      466d26398628eef7b53f0f3b5dd9ec29a3d526b5

    • SHA256

      c3c2024e7fe56a636144ba8541554e46f8c558d92620763cc0b382d9860e13c9

    • SHA512

      a35b730faa70dc371a4c50db229a18d4527ba7195618e8732a5d6e4e9b7e2cde9327ee4bdc3970d643386c244dfb54c9550355d0de01e093354a350fc81ca59d

    • SSDEEP

      49152:FS4P1wimWGQfmnqvjtVd1mlQbtR/1rKNZzMNL4NStU:FS4d/vUqLtVd1CiR9mxzNSy

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks