General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    241112-xt4pkayhlm

  • MD5

    2ddb4a173abe996c74cd293f8cf0dee8

  • SHA1

    d9749e75ac2807df36b38496faaba2138fb29493

  • SHA256

    c5e0aaeeb66047df266a8e8d973548cf120e026dcf6a1fb91a73c4639245cb1e

  • SHA512

    eb7f1596d5813cadaef48a5e2f6a13abe48148b3cd19e21eb864c4b7b3fba95338078bd086c8588dd91118eb1e2c26ecdcc3010ad8a3da7b6cf9e62b44905eb6

  • SSDEEP

    24576:SyE7SLjyLxnVWgyLRBnXJ7zGUl9oXt6hqeO4TljggHO/IsFAuFHLjSfkKm4Th+S:SyE7EjyLLEHXBaUwd6hHOclggHY

Malware Config

Extracted

Family

lumma

C2

https://thicktoys.sbs/api

https://3xc1aimbl0w.sbs/api

https://300snails.sbs/api

https://faintbl0w.sbs/api

Targets

    • Target

      file.exe

    • Size

      3.0MB

    • MD5

      2ddb4a173abe996c74cd293f8cf0dee8

    • SHA1

      d9749e75ac2807df36b38496faaba2138fb29493

    • SHA256

      c5e0aaeeb66047df266a8e8d973548cf120e026dcf6a1fb91a73c4639245cb1e

    • SHA512

      eb7f1596d5813cadaef48a5e2f6a13abe48148b3cd19e21eb864c4b7b3fba95338078bd086c8588dd91118eb1e2c26ecdcc3010ad8a3da7b6cf9e62b44905eb6

    • SSDEEP

      24576:SyE7SLjyLxnVWgyLRBnXJ7zGUl9oXt6hqeO4TljggHO/IsFAuFHLjSfkKm4Th+S:SyE7EjyLLEHXBaUwd6hHOclggHY

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks