General
-
Target
20cccc8a79377e2068561e9398bc3496e9b7161b28306ac01fd5ad5c5aa0ebae
-
Size
1.8MB
-
Sample
241118-rn5f1syelp
-
MD5
baf57af9522263fc78f449650fc44318
-
SHA1
913c599f16669f9659c790a378f8fbc6b7c20307
-
SHA256
20cccc8a79377e2068561e9398bc3496e9b7161b28306ac01fd5ad5c5aa0ebae
-
SHA512
392942c4bbc33870af8d20c84644c166c1d79ab84b4c581baa3a6488869c9f80deb31517796aec27faebcc29f8031d70114ce41022932b2f39376472950e6039
-
SSDEEP
24576:R9bT7m5AM6X8AxKQGbR7xbcTRnUbyJ1SIJai8dpdQpLthIH2Xu23JZA+Yr8PDerZ:R4L69x6R7RCCo1TOkpRq8TwrjWxCm8
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
20cccc8a79377e2068561e9398bc3496e9b7161b28306ac01fd5ad5c5aa0ebae
-
Size
1.8MB
-
MD5
baf57af9522263fc78f449650fc44318
-
SHA1
913c599f16669f9659c790a378f8fbc6b7c20307
-
SHA256
20cccc8a79377e2068561e9398bc3496e9b7161b28306ac01fd5ad5c5aa0ebae
-
SHA512
392942c4bbc33870af8d20c84644c166c1d79ab84b4c581baa3a6488869c9f80deb31517796aec27faebcc29f8031d70114ce41022932b2f39376472950e6039
-
SSDEEP
24576:R9bT7m5AM6X8AxKQGbR7xbcTRnUbyJ1SIJai8dpdQpLthIH2Xu23JZA+Yr8PDerZ:R4L69x6R7RCCo1TOkpRq8TwrjWxCm8
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2