General

  • Target

    f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d

  • Size

    3.0MB

  • Sample

    241112-xkna8ayfmh

  • MD5

    0f8e80c7efbc12a20c652f7ff3b49598

  • SHA1

    8cd5626d7bd4a33e9366bf26f145a76ea8834c12

  • SHA256

    f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d

  • SHA512

    cf68d175d231b366e0fbe2b77665e0f4a632f82f05beaeb40ec4c5ad01f96e1d889202edc00050cf53b5d75972a77de6cb07518ab69f1be5c7e8d02825caf89f

  • SSDEEP

    49152:X32hXrOycS5C0QgMd+1vHFWyDlzOhRElAWN2M6EzosbJv+l:X3s7OhS5C0QgM0RHFWy9k04M5osbJ

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d

    • Size

      3.0MB

    • MD5

      0f8e80c7efbc12a20c652f7ff3b49598

    • SHA1

      8cd5626d7bd4a33e9366bf26f145a76ea8834c12

    • SHA256

      f08b42a1d7648f9ad33f0beeed924e0262cbb4beeedb5e65e538c596a3cf003d

    • SHA512

      cf68d175d231b366e0fbe2b77665e0f4a632f82f05beaeb40ec4c5ad01f96e1d889202edc00050cf53b5d75972a77de6cb07518ab69f1be5c7e8d02825caf89f

    • SSDEEP

      49152:X32hXrOycS5C0QgMd+1vHFWyDlzOhRElAWN2M6EzosbJv+l:X3s7OhS5C0QgM0RHFWy9k04M5osbJ

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks