General
- Target: 4d9c1285865ef502aec60001d209d9e7d89da9ba358ecd6d6890eca8076e19fd.exe
- Size: 1.8MB
- Sample: 241118-tj4p2a1ajp
- MD5: d9643ee5c90efb8562762c259e42a6e6
- SHA1: 80a31096bafb6973be5394c081f8fefffe946011
- SHA256: 4d9c1285865ef502aec60001d209d9e7d89da9ba358ecd6d6890eca8076e19fd
- SHA512: 2502cba9cb473381c0a932530afb6d1418222966602b800ea4bd9218d565091627c53476364884106109e654247457a2bb6cd0fe3922ff173b9c18bd7a89b650
- SSDEEP: 49152:tWTukSLYqC4PMVG5/2eMitBI7c9ExjGlo0oqZ6:oTuL0gZ2eMWBI7F6lov
Static task: static1
Behavioral task: behavioral1
- Sample: 4d9c1285865ef502aec60001d209d9e7d89da9ba358ecd6d6890eca8076e19fd.exe
- Resource: win7-20240903-en
Malware Config
Extracted: lumma
- https://processhol.sbs/api
- https://p10tgrace.sbs/api
- https://peepburry828.sbs/api
- https://3xp3cts1aim.sbs/api
- https://p3ar11fter.sbs/api
Targets
- Target: 4d9c1285865ef502aec60001d209d9e7d89da9ba358ecd6d6890eca8076e19fd.exe
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion:
- Modify Registry (1)
- Subvert Trust Controls (1): Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)