Overview

overview

10

Static

static

3

258cfb05d7...24.exe

windows7-x64

10

258cfb05d7...24.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    258cfb05d707f90183dd6ba8569763e75aff570da88caaf15e7234218d13e324

  • Size

    1.8MB

  • Sample

    241118-qzda8sxepe

  • MD5

    2f60d3c5f1049e713c629e4b109019e0

  • SHA1

    52c4769003ef9cfee07c48cf4f8ff3560dbf8733

  • SHA256

    258cfb05d707f90183dd6ba8569763e75aff570da88caaf15e7234218d13e324

  • SHA512

    b185d43a70429dd27abad4e35c4e091d43a217f74201a6bf839af5f9da26bcf64b4cb9eb0045aba8eeb3f661f58a17212e457b9c9cc36ccab5501cc6c4694141

  • SSDEEP

    24576:n66beDDqtDfBu4zbZ1CHYgUVVPAJlaU1cnwLjkTqt/AMfjJDdZJivttAnBAYYaUJ:SD+tDZuObZV3GlDcnwLjrZbwtE++XS

Score
10/10
lummadiscoveryevasionstealer

Malware Config

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Targets

    • Target

      258cfb05d707f90183dd6ba8569763e75aff570da88caaf15e7234218d13e324

    • Size

      1.8MB

    • MD5

      2f60d3c5f1049e713c629e4b109019e0

    • SHA1

      52c4769003ef9cfee07c48cf4f8ff3560dbf8733

    • SHA256

      258cfb05d707f90183dd6ba8569763e75aff570da88caaf15e7234218d13e324

    • SHA512

      b185d43a70429dd27abad4e35c4e091d43a217f74201a6bf839af5f9da26bcf64b4cb9eb0045aba8eeb3f661f58a17212e457b9c9cc36ccab5501cc6c4694141

    • SSDEEP

      24576:n66beDDqtDfBu4zbZ1CHYgUVVPAJlaU1cnwLjkTqt/AMfjJDdZJivttAnBAYYaUJ:SD+tDZuObZV3GlDcnwLjrZbwtE++XS

    Score
    10/10
    lummadiscoveryevasionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks