General

  • Target

    406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53

  • Size

    3.0MB

  • Sample

    241117-lxj9jswpcy

  • MD5

    428efc416b6c71298a33880b707c008c

  • SHA1

    268c4a517c2616533f5b73c7a7a9815da20e324a

  • SHA256

    406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53

  • SHA512

    0635dbb4129fa97c183621df894c26ac6812af2fecc65761d7f4787b5752f902246841d53d4289b4ceeb340e98f0e0defb482b7fcd38f1134e0fe597d8dcc6ba

  • SSDEEP

    49152:VPSAi2j1wcpeFrHgBSZX/tgKhV2qIf+utq1nn:FSAi2j1TpeFfZX/OKLLutq1n

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53

    • Size

      3.0MB

    • MD5

      428efc416b6c71298a33880b707c008c

    • SHA1

      268c4a517c2616533f5b73c7a7a9815da20e324a

    • SHA256

      406472dc02df6dc9d24f59664c270d140d0ad34e4275c58c942ae17d84886b53

    • SHA512

      0635dbb4129fa97c183621df894c26ac6812af2fecc65761d7f4787b5752f902246841d53d4289b4ceeb340e98f0e0defb482b7fcd38f1134e0fe597d8dcc6ba

    • SSDEEP

      49152:VPSAi2j1wcpeFrHgBSZX/tgKhV2qIf+utq1nn:FSAi2j1TpeFfZX/OKLLutq1n

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks