General

  • Target

    ce4ecebf2a78dc441bcc96d8b9976d2f58565ff894a2666ca7c573cccafe5f9f

  • Size

    2.9MB

  • Sample

    241117-qxgwms1dle

  • MD5

    9cf353d7f91230ecc716133ec222e1f2

  • SHA1

    64ffc3b694d073c321722ad56c57661f3ef8c0c9

  • SHA256

    ce4ecebf2a78dc441bcc96d8b9976d2f58565ff894a2666ca7c573cccafe5f9f

  • SHA512

    3e32a2d1d6072046411bc1a5f3733b4ecfef82f75190dfdcb2aa6e35477038be0fa11484c7c4390cd41666681fb3b692f986d5ee4847502c1206fa70bc1d592d

  • SSDEEP

    49152:ymPHgEbKVz54+8OzDAGHG+voMRgWD7VHbe3qf4WSzYp:yJEbKVz54+xzDHHG+vHR/D7VHK6f4+

Malware Config

Extracted

Family

lumma

C2

https://scriptyprefej.store

https://navygenerayk.store

https://founpiuer.store

https://necklacedmny.store

https://thumbystriw.store

https://fadehairucw.store

https://crisiwarny.store

https://presticitpo.store

https://opinieni.store
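The nine C2 hosts above are the indicator a defender can act on first. The following Python is an added example, not part of the sandbox report or of the Lumma sample: it reduces the extracted URLs to hostnames and checks DNS query log lines against them on a label boundary, so a subdomain of a C2 host matches while a lookalike that merely ends in the same string does not. The log line format and client addresses are constructed for the example; the domain list is copied from the C2 section of this report.

```python
"""Match DNS query log hostnames against the Lumma C2 domains extracted above.

Added example; the C2 list is copied from the report, the log lines are
constructed (hypothetical format: "<timestamp> <client> <qname> <qtype>").
"""
from urllib.parse import urlsplit

# C2 URLs as extracted by the sandbox (copied from the report above).
LUMMA_C2 = [
    "https://scriptyprefej.store",
    "https://navygenerayk.store",
    "https://founpiuer.store",
    "https://necklacedmny.store",
    "https://thumbystriw.store",
    "https://fadehairucw.store",
    "https://crisiwarny.store",
    "https://presticitpo.store",
    "https://opinieni.store",
]


def c2_hosts(urls):
    """Return the lower-cased hostnames from a list of C2 URLs.

    Matching on the hostname rather than the full URL avoids missing a hit
    when the sample requests a different path than the one the config lists.
    """
    hosts = set()
    for u in urls:
        host = urlsplit(u).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def host_matches(host, bad_hosts):
    """Return the C2 host that `host` equals or is a subdomain of, else None.

    The "." + bad check enforces a label boundary: cdn.scriptyprefej.store
    matches scriptyprefej.store, notscriptyprefej.store does not.
    """
    host = host.lower().rstrip(".")  # DNS logs may carry a trailing root dot
    for bad in bad_hosts:
        if host == bad or host.endswith("." + bad):
            return bad
    return None


# Constructed DNS query log lines (not real traffic).
SAMPLE_DNS_LOG = """\
2024-11-17T10:01:02Z 10.0.0.12 www.example.com A
2024-11-17T10:01:05Z 10.0.0.12 scriptyprefej.store A
2024-11-17T10:01:05Z 10.0.0.12 notscriptyprefej.store A
2024-11-17T10:01:06Z 10.0.0.13 cdn.necklacedmny.store. AAAA
2024-11-17T10:01:09Z 10.0.0.14 OPINIENI.STORE A
"""


def scan_dns_log(log_text, urls=LUMMA_C2):
    """Return (timestamp, client, qname, matched_c2_host) for each hit."""
    bad = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        ts, client, qname, _qtype = parts[:4]
        matched = host_matches(qname, bad)
        if matched:
            hits.append((ts, client, qname, matched))
    return hits


if __name__ == "__main__":
    for ts, client, qname, matched in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup at %s from %s: %s (matches %s)" % (ts, client, qname, matched))
```

Run against the constructed log, the scan reports three lookups (the exact host, the trailing-dot subdomain and the upper-cased host) and ignores the lookalike. The same `host_matches` helper can be applied to proxy or TLS SNI logs; only the line parsing changes.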

Targets

    • Target

      ce4ecebf2a78dc441bcc96d8b9976d2f58565ff894a2666ca7c573cccafe5f9f

    • Size

      2.9MB

    • MD5

      9cf353d7f91230ecc716133ec222e1f2

    • SHA1

      64ffc3b694d073c321722ad56c57661f3ef8c0c9

    • SHA256

      ce4ecebf2a78dc441bcc96d8b9976d2f58565ff894a2666ca7c573cccafe5f9f

    • SHA512

      3e32a2d1d6072046411bc1a5f3733b4ecfef82f75190dfdcb2aa6e35477038be0fa11484c7c4390cd41666681fb3b692f986d5ee4847502c1206fa70bc1d592d

    • SSDEEP

      49152:ymPHgEbKVz54+8OzDAGHG+voMRgWD7VHbe3qf4WSzYp:yJEbKVz54+xzDHHG+vHR/D7VHK6f4+

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox publishes ACPI tables whose OEM identifier is VBOX__, and Windows mirrors them under HKLM\HARDWARE\ACPI, so a lookup there reveals the hypervisor without any VirtualBox-specific driver or process being present.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. Its presence is typically detected by looking for a Software\Wine key.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events for that thread from being delivered to an attached debugger, which is an anti-debugging technique rather than an anti-VM one.
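The three registry-based signatures above (VirtualBox ACPI tables, BIOS strings, Wine keys) can be reproduced from a registry-access trace. The following Python is an added example, not code from the sandbox or from the Lumma sample: it parses Procmon-style CSV events and maps registry reads to the report's signature names, with hive aliases normalised and writes ignored. The key paths are the well-known locations these checks read; the event rows are constructed for the example and the process names are hypothetical.

```python
"""Map registry reads in a Procmon-style CSV export to the anti-VM /
anti-sandbox signatures named in the report.

Added example. Key paths are the well-known locations such checks read;
the CSV rows below are constructed, not real trace data.
"""
import csv
import io
import re

# Signature name (as in the report) -> regexes over a normalised registry path.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": [
        r"HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Checks BIOS information in registry": [
        r"HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$",
    ],
    "Identifies Wine through registry keys": [
        r"HK(LM|CU)\\SOFTWARE\\WINE(\\|$)",
    ],
}

HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_USERS": "HKU",
}

# Only reads count: writing under Software\Wine is not a Wine check.
REGISTRY_READ_OPS = {"RegOpenKey", "RegQueryValue", "RegQueryKey", "RegEnumKey", "RegEnumValue"}


def normalize_path(path):
    """Collapse long hive names to their short aliases and unify separators."""
    path = path.strip().replace("/", "\\")
    hive, sep, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return hive + sep + rest


def parse_procmon_csv(text):
    """Return a list of dicts keyed by the CSV header (Procmon export layout)."""
    return list(csv.DictReader(io.StringIO(text)))


def match_signatures(events, process=None):
    """Return {signature: [(process, path), ...]} for matching registry reads.

    `process` optionally restricts matching to one process name, since other
    processes (e.g. the shell) legitimately read BIOS values too.
    """
    compiled = {name: [re.compile(p, re.IGNORECASE) for p in pats]
                for name, pats in SIGNATURES.items()}
    hits = {}
    for ev in events:
        if ev["Operation"] not in REGISTRY_READ_OPS:
            continue
        if process and ev["Process Name"] != process:
            continue
        path = normalize_path(ev["Path"])
        for name, pats in compiled.items():
            if any(p.match(path) for p in pats):
                hits.setdefault(name, []).append((ev["Process Name"], path))
    return hits


# Constructed Procmon-style export (backslashes doubled for the Python literal).
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4120","RegOpenKey","HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__","NAME NOT FOUND",""
"10:01:02.2","sample.exe","4120","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion","SUCCESS","Type: REG_MULTI_SZ"
"10:01:02.3","sample.exe","4120","RegOpenKey","HKEY_CURRENT_USER\\Software\\Wine","NAME NOT FOUND",""
"10:01:02.4","sample.exe","4120","RegOpenKey","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run","SUCCESS",""
"10:01:02.5","explorer.exe","1234","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion","SUCCESS",""
"10:01:02.6","sample.exe","4120","RegSetValue","HKCU\\Software\\Wine\\Foo","SUCCESS",""
"""


if __name__ == "__main__":
    events = parse_procmon_csv(SAMPLE_PROCMON_CSV)
    for name, where in match_signatures(events, process="sample.exe").items():
        for proc, path in where:
            print("%s: %s read %s" % (name, proc, path))
```

On the constructed trace, restricting to sample.exe yields exactly one hit per signature; without the process filter the BIOS signature also picks up explorer.exe, which is why triage should scope by process before treating a BIOS read as evasion. A NAME NOT FOUND result on the VBOX__ or Wine key is still a hit: the lookup itself is the evasion behaviour.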

MITRE ATT&CK Enterprise v15

Tasks