General

  • Target

    3c19c32faf06c5652f625e3bf51bae272d1c6f7a2489c475a1ab90aa86567248

  • Size

    3.0MB

  • Sample

    241117-q13yaa1eja

  • MD5

    954ede4a070e766c1c5a1e19bdfe0593

  • SHA1

    3b371b4e00f00e9fd010511c6cfcbfe72a8082fd

  • SHA256

    3c19c32faf06c5652f625e3bf51bae272d1c6f7a2489c475a1ab90aa86567248

  • SHA512

    650e0b540b8abe88cf74a1f8bc085eedab905abf02a122d9ed1a1363d4101df0d37eb8a709e3c6dac5e4cfc3c148b3f6c66120773efc9756124bca81fb0edf73

  • SSDEEP

    49152:5cc9S8+lQ7Od0fEtFW9Bq8y9q1eDyRujYQnC:53KQ7Odt/W9XyY1eFEx

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

Targets

    • Target

      3c19c32faf06c5652f625e3bf51bae272d1c6f7a2489c475a1ab90aa86567248

    • Size

      3.0MB

    • MD5

      954ede4a070e766c1c5a1e19bdfe0593

    • SHA1

      3b371b4e00f00e9fd010511c6cfcbfe72a8082fd

    • SHA256

      3c19c32faf06c5652f625e3bf51bae272d1c6f7a2489c475a1ab90aa86567248

    • SHA512

      650e0b540b8abe88cf74a1f8bc085eedab905abf02a122d9ed1a1363d4101df0d37eb8a709e3c6dac5e4cfc3c148b3f6c66120773efc9756124bca81fb0edf73

    • SSDEEP

      49152:5cc9S8+lQ7Od0fEtFW9Bq8y9q1eDyRujYQnC:53KQ7Odt/W9XyY1eFEx

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks