General

  • Target

    5b925045e850cc5704bbe0d7d9ebab9372699b97a54a29832b09c01c2e868433.exe

  • Size

    1.8MB

  • Sample

    241119-favtwazpfy

  • MD5

    03bd155c22cddc63aa7414a50b98fe0e

  • SHA1

    25bea392faefc9256150b8732c83a4a18d1fd9e2

  • SHA256

    5b925045e850cc5704bbe0d7d9ebab9372699b97a54a29832b09c01c2e868433

  • SHA512

    33f530d448b469e63a6d2e34ee0429ff1714b234166825947375d2f23ced5e4d9578bc47dc5650a9fd891e4b265301eafc1b29d9af8364fdd2d626aaa8d3f70a

  • SSDEEP

    49152:VAtpNvzezLU7G5fG6bmwdguhKYJxzpjaXizIohtvqCWlg:e16kG5ubyKipjaXCvxW+

Malware Config

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://p3ar11fter.sbs/api

https://3xp3cts1aim.sbs/api

Targets

    • Target

      5b925045e850cc5704bbe0d7d9ebab9372699b97a54a29832b09c01c2e868433.exe

    • Size

      1.8MB

    • MD5

      03bd155c22cddc63aa7414a50b98fe0e

    • SHA1

      25bea392faefc9256150b8732c83a4a18d1fd9e2

    • SHA256

      5b925045e850cc5704bbe0d7d9ebab9372699b97a54a29832b09c01c2e868433

    • SHA512

      33f530d448b469e63a6d2e34ee0429ff1714b234166825947375d2f23ced5e4d9578bc47dc5650a9fd891e4b265301eafc1b29d9af8364fdd2d626aaa8d3f70a

    • SSDEEP

      49152:VAtpNvzezLU7G5fG6bmwdguhKYJxzpjaXizIohtvqCWlg:e16kG5ubyKipjaXCvxW+

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks