General

  • Target

    573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6

  • Size

    3.0MB

  • Sample

    241117-k15tzs1jbr

  • MD5

    ff5d103cee62fd676d18a467c5f2cb08

  • SHA1

    af61d9b8bd2cac8d897bcfaf876dfc7152531762

  • SHA256

    573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6

  • SHA512

    ea6997a47708c280ef9013d5c81a7ea871e23b784f6636d743e4409191c71ef2a0add6ec162ad687ff9c4422ff5a1512940b5b4e101c4fe82f2d9ebc8a8a9f73

  • SSDEEP

    49152:8IsiuSw7vC9qhKenVcpsccCVhwE9cDYaum7TJ9:jsEw7vC9qdV6DmTYWT

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6

    • Size

      3.0MB

    • MD5

      ff5d103cee62fd676d18a467c5f2cb08

    • SHA1

      af61d9b8bd2cac8d897bcfaf876dfc7152531762

    • SHA256

      573db5cc5226824dca52126ab9ee25b01bcfe2ffd1eca3aa1c2cfa65296f79b6

    • SHA512

      ea6997a47708c280ef9013d5c81a7ea871e23b784f6636d743e4409191c71ef2a0add6ec162ad687ff9c4422ff5a1512940b5b4e101c4fe82f2d9ebc8a8a9f73

    • SSDEEP

      49152:8IsiuSw7vC9qhKenVcpsccCVhwE9cDYaum7TJ9:jsEw7vC9qdV6DmTYWT

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks