General
-
Target
11c28c93f110d1fcdbafb66c492d3a90dfb5771db3f977c70001f861d676b418
-
Size
1.8MB
-
Sample
241118-tfs45azlaz
-
MD5
db2026f6d1362bbabf5f0d349dd2b586
-
SHA1
11713b2445f91da456305f4e723c5b9c5855fea0
-
SHA256
11c28c93f110d1fcdbafb66c492d3a90dfb5771db3f977c70001f861d676b418
-
SHA512
17d77f5df4557dd0ec25c0433de65cf10ec1604d9aaa1dace34455f07566966880d283a318872489cee7c08b2276fb82456ccd84ec77a31ed8f7d77d8e8acf89
-
SSDEEP
49152:RdQu59DD/C4PIhQvCt4IjjSokiYrsclGk:pDq4PkQat/kiY7lGk
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
11c28c93f110d1fcdbafb66c492d3a90dfb5771db3f977c70001f861d676b418
-
Size
1.8MB
-
MD5
db2026f6d1362bbabf5f0d349dd2b586
-
SHA1
11713b2445f91da456305f4e723c5b9c5855fea0
-
SHA256
11c28c93f110d1fcdbafb66c492d3a90dfb5771db3f977c70001f861d676b418
-
SHA512
17d77f5df4557dd0ec25c0433de65cf10ec1604d9aaa1dace34455f07566966880d283a318872489cee7c08b2276fb82456ccd84ec77a31ed8f7d77d8e8acf89
-
SSDEEP
49152:RdQu59DD/C4PIhQvCt4IjjSokiYrsclGk:pDq4PkQat/kiY7lGk
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2