General

  • Target

    2baf2724bcd596615482311e56c44992c76d1f52647ac7c0daa788abc921fa74

  • Size

    3.0MB

  • Sample

    241117-lsyldaxdpk

  • MD5

    beb88464d425b6672e0ddfaabc2a1aec

  • SHA1

    d82c1caeb93ce0730de45be486c9dac620ba3552

  • SHA256

    2baf2724bcd596615482311e56c44992c76d1f52647ac7c0daa788abc921fa74

  • SHA512

    a67648a2045941fbb918d5a76c1d48165e1474755af2477eec8b66b20a6ddc897499bceaedd858551bc78494ab8fec4312215c01d94e010020e31feaec587561

  • SSDEEP

    49152:Fsb+0pgjF+JPhu2/TNzA8ilHcfibD2Rvu6of06L+uPrLAf:FsCUgoJI2/TNzLCHqgD2z6DL

Malware Config

  • Extracted

  • Family

    lumma

  • C2

    https://scriptyprefej.store
    https://navygenerayk.store
    https://founpiuer.store
    https://necklacedmny.store
    https://thumbystriw.store
    https://fadehairucw.store
    https://crisiwarny.store
    https://presticitpo.store

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15