General

  • Target

    847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13.exe

  • Size

    1.7MB

  • Sample

    241119-fk7anazqdz

  • MD5

    3676ff6f583516d10ecac56298941ce6

  • SHA1

    d792a3b9f438a63b26f0ed22731be259c4ebbb9c

  • SHA256

    847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13

  • SHA512

    a4d1fb11b3c6875e0e6ef0c7b48941e9a344157b4f138f446a331bc0002d86e2b7d63d67019b0e015e0cc2a9ecea863a82da942a1cc41136082d8448de243728

  • SSDEEP

    24576:73FeiFqu9ka+ow+bZHdRv8jteT6dVMtgTwBr4LTh/np0rRsGOcHo0R4eEdDzguwo:ZgZZowqZzvYjVt/LNgRxOcI0R4Dzx1

Malware Config

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

https://p10tgrace.sbs/api

Targets

    • Target

      847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13.exe

    • Size

      1.7MB

    • MD5

      3676ff6f583516d10ecac56298941ce6

    • SHA1

      d792a3b9f438a63b26f0ed22731be259c4ebbb9c

    • SHA256

      847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13

    • SHA512

      a4d1fb11b3c6875e0e6ef0c7b48941e9a344157b4f138f446a331bc0002d86e2b7d63d67019b0e015e0cc2a9ecea863a82da942a1cc41136082d8448de243728

    • SSDEEP

      24576:73FeiFqu9ka+ow+bZHdRv8jteT6dVMtgTwBr4LTh/np0rRsGOcHo0R4eEdDzguwo:ZgZZowqZzvYjVt/LNgRxOcI0R4Dzx1

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks