General
Target: 894f393cd04f80a0137d239eec7ab4a31d6c169231476f40c04ba90e45ebee05
Size: 1.8MB
Sample: 241118-t4c3ta1dlm
MD5: 039a5670b4c56bd2aa19cdfbef068186
SHA1: a6a705fec5d6a56ba1ee0a889abd1c2ea49a4913
SHA256: 894f393cd04f80a0137d239eec7ab4a31d6c169231476f40c04ba90e45ebee05
SHA512: 4993c17437b8c3d85d7760fe524fbdd14a9399db37b16f7adc66b52ad7b5ef4a9a80e8fb2e895f9866a49650d1206fe4669a532f439641e4b469917749670c2c
SSDEEP: 49152:MxwW7D9kZ2LLSfZDClwZT6G+5DGwmHbD6Q:MxwWyZ2vUtClwspDGwmH36
Static task: static1
Behavioral task: behavioral1
Sample: 894f393cd04f80a0137d239eec7ab4a31d6c169231476f40c04ba90e45ebee05.exe
Resource: win7-20240903-en
Malware Config
Extracted: lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
Target: 894f393cd04f80a0137d239eec7ab4a31d6c169231476f40c04ba90e45ebee05
Size: 1.8MB
MD5: 039a5670b4c56bd2aa19cdfbef068186
SHA1: a6a705fec5d6a56ba1ee0a889abd1c2ea49a4913
SHA256: 894f393cd04f80a0137d239eec7ab4a31d6c169231476f40c04ba90e45ebee05
SHA512: 4993c17437b8c3d85d7760fe524fbdd14a9399db37b16f7adc66b52ad7b5ef4a9a80e8fb2e895f9866a49650d1206fe4669a532f439641e4b469917749670c2c
SSDEEP: 49152:MxwW7D9kZ2LLSfZDClwZT6G+5DGwmHbD6Q:MxwWyZ2vUtClwspDGwmH36
Signatures
Lumma family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (1)
Subvert Trust Controls (1)
Install Root Certificate (1)
Virtualization/Sandbox Evasion (2)