General
-
Target
971ed167b3901301c16764e544ec2ab8cdd0d220d76677ade952a921b20fbaad.exe
-
Size
1.8MB
-
Sample
241119-fqw2wazhkd
-
MD5
d4c2a1ba061f40bcec02e375ac69f89c
-
SHA1
7ab28dc46af1842974002b49c734c74234d5892d
-
SHA256
971ed167b3901301c16764e544ec2ab8cdd0d220d76677ade952a921b20fbaad
-
SHA512
73ab11057d2c1033f913243fbb2d78b6319e4d73dceab8921c75509805e4c2112fe7aa82ca915a5be818177135baf458bb23bc5467de492974888ed85826e59b
-
SSDEEP
24576:+pXVYobdP8o1M1NTjDlHsn0e0MyQpPB6va/yudxJ7M4WYq6UY6CCGPtWWt9uopMU:+9Vc2phclYJ71PtWWL/
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
971ed167b3901301c16764e544ec2ab8cdd0d220d76677ade952a921b20fbaad.exe
-
Size
1.8MB
-
MD5
d4c2a1ba061f40bcec02e375ac69f89c
-
SHA1
7ab28dc46af1842974002b49c734c74234d5892d
-
SHA256
971ed167b3901301c16764e544ec2ab8cdd0d220d76677ade952a921b20fbaad
-
SHA512
73ab11057d2c1033f913243fbb2d78b6319e4d73dceab8921c75509805e4c2112fe7aa82ca915a5be818177135baf458bb23bc5467de492974888ed85826e59b
-
SSDEEP
24576:+pXVYobdP8o1M1NTjDlHsn0e0MyQpPB6va/yudxJ7M4WYq6UY6CCGPtWWt9uopMU:+9Vc2phclYJ71PtWWL/
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2