General
-
Target
db2026f6d1362bbabf5f0d349dd2b586.bin
-
Size
1.8MB
-
Sample
241119-b65lqstmfr
-
MD5
52309c7755070396ff809fa92616c404
-
SHA1
ca148213f3b03ae7a98901dd5ad3fd0c06eb97d2
-
SHA256
009fb81aaa528f58ae2d11687bd0f645f6788d43e3320a88288e11aa905eb079
-
SHA512
6813f776d7ef0be9e7c8c2247a8c5a0d276bed48bba44335c1eb94c3333761023247b572e5515df90ece73ecc2a6f4ca69208882ecffbfd6b3bfea630d3a0771
-
SSDEEP
49152:fqQMUSUx45P41ltefvbQ47CiJTSkejB1MiadEe:yQHSA45Q1lteRTSkejBE6e
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
11c28c93f110d1fcdbafb66c492d3a90dfb5771db3f977c70001f861d676b418.exe
-
Size
1.8MB
-
MD5
db2026f6d1362bbabf5f0d349dd2b586
-
SHA1
11713b2445f91da456305f4e723c5b9c5855fea0
-
SHA256
11c28c93f110d1fcdbafb66c492d3a90dfb5771db3f977c70001f861d676b418
-
SHA512
17d77f5df4557dd0ec25c0433de65cf10ec1604d9aaa1dace34455f07566966880d283a318872489cee7c08b2276fb82456ccd84ec77a31ed8f7d77d8e8acf89
-
SSDEEP
49152:RdQu59DD/C4PIhQvCt4IjjSokiYrsclGk:pDq4PkQat/kiY7lGk
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2