General

  • Target

    d96be8a69a7207825037e59d9a844ea912e910ae5896464a929064c0c77e2fb0

  • Size

    3.0MB

  • Sample

    241117-lpen4a1nhp

  • MD5

    b09deb1644094d9569ac5a518e97c25c

  • SHA1

    1ddcbbcbb00401a14838fe46257125c56896f98d

  • SHA256

    d96be8a69a7207825037e59d9a844ea912e910ae5896464a929064c0c77e2fb0

  • SHA512

    71ae273f909e6bdf9aa94c5f7e716f633518abbf33cc635d44d62feec8945349c1f33456fab83a432770d0ca788bd2ec7f63c492eec196d23354afcf0e2e4034

  • SSDEEP

    49152:gA1VL+y7MtlHnMhSl/HRYAX4Q5IrUoJBT+YOTWmbo0jstzTLzdlEu6zpFk+aq/SY:D4RoJMYOTWmbdjst/dlEu2pFV//SOH

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      d96be8a69a7207825037e59d9a844ea912e910ae5896464a929064c0c77e2fb0

    • Size

      3.0MB

    • MD5

      b09deb1644094d9569ac5a518e97c25c

    • SHA1

      1ddcbbcbb00401a14838fe46257125c56896f98d

    • SHA256

      d96be8a69a7207825037e59d9a844ea912e910ae5896464a929064c0c77e2fb0

    • SHA512

      71ae273f909e6bdf9aa94c5f7e716f633518abbf33cc635d44d62feec8945349c1f33456fab83a432770d0ca788bd2ec7f63c492eec196d23354afcf0e2e4034

    • SSDEEP

      49152:gA1VL+y7MtlHnMhSl/HRYAX4Q5IrUoJBT+YOTWmbo0jstzTLzdlEu6zpFk+aq/SY:D4RoJMYOTWmbdjst/dlEu2pFV//SOH

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks