General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241119-jh4crs1hlg

  • MD5

    8dfd8eaae0a25d346fb3ef5a083a4f4e

  • SHA1

    84004ef179f88b7a8ecd971728c495b9f0c88dae

  • SHA256

    2154b74f5f555aafda6ec664348b9a563d22c224173c904e329ff1417a39b0d9

  • SHA512

    30940a87c2fd2191035bcbfcc22aafc8c773bfadfdde2e075fb99a22fa9ee1a99fda39c079db83937306e5c536005ae1aceb3c79fb8b50ac248493b475c973a6

  • SSDEEP

    49152:/IhFbBhII1RgZArcGFuu5+KgnT0cxW8ZKXC:/Yb/ImRgyAi+Yc

Malware Config

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Targets

    • Target

      file.exe

    • Size

      1.7MB

    • MD5

      8dfd8eaae0a25d346fb3ef5a083a4f4e

    • SHA1

      84004ef179f88b7a8ecd971728c495b9f0c88dae

    • SHA256

      2154b74f5f555aafda6ec664348b9a563d22c224173c904e329ff1417a39b0d9

    • SHA512

      30940a87c2fd2191035bcbfcc22aafc8c773bfadfdde2e075fb99a22fa9ee1a99fda39c079db83937306e5c536005ae1aceb3c79fb8b50ac248493b475c973a6

    • SSDEEP

      49152:/IhFbBhII1RgZArcGFuu5+KgnT0cxW8ZKXC:/Yb/ImRgyAi+Yc

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks