General
Target: f91bc67b243be72e6316a8dc02f171c0e096f01ea8c0ce769786fab5f4ff1ee3.exe
Size: 3.0MB
Sample: 241118-rmxpsaxrbx
MD5: 35dd6003c0882ee82819da41695bc5bf
SHA1: 8049055c97f3d7bd80977ed050e23afc3d4e313c
SHA256: f91bc67b243be72e6316a8dc02f171c0e096f01ea8c0ce769786fab5f4ff1ee3
SHA512: e3be846b036986a10838c47ada50f161418c82dd468d7738f526810a5d0caa4775e5e65791ab81c3f4824933c95ff58cdf8cf1aa332406dde6e49ad477715c80
SSDEEP: 49152:vkBV9e9VUV2z3J8199BF8tdejSrI9Dv0gS2ooxEeggo4mhJ:Quz3J81jBFKdmSrI9Dv00BSgo4mL
Static task: static1
Behavioral task: behavioral1
Sample: f91bc67b243be72e6316a8dc02f171c0e096f01ea8c0ce769786fab5f4ff1ee3.exe
Resource: win7-20240903-en
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)