General
-
Target
a18b9825944c5354da667e1dcc5f3f8761818d636e189f67728475efc67c7836
-
Size
1.8MB
-
Sample
241119-ldhxdatkas
-
MD5
678f20eec911aa7093a7b4b7bc496f69
-
SHA1
3d75bc7e8d1f317667ace606b7c16fbcc900a408
-
SHA256
a18b9825944c5354da667e1dcc5f3f8761818d636e189f67728475efc67c7836
-
SHA512
3d1bc15fcee50bfdd9c9d51f19d18d7c5303531573c3dc26b4898a0d8fd8acbba840b22a8621037c81a43657b1e0cd3ab80af2edb0841f33b89df39057aa2aab
-
SSDEEP
49152:oF3T9t6GDlTH944UOCVa3tKdg9xrVdoDALV:oVTf/lrOOCVa3tTDokLV
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
a18b9825944c5354da667e1dcc5f3f8761818d636e189f67728475efc67c7836
-
Size
1.8MB
-
MD5
678f20eec911aa7093a7b4b7bc496f69
-
SHA1
3d75bc7e8d1f317667ace606b7c16fbcc900a408
-
SHA256
a18b9825944c5354da667e1dcc5f3f8761818d636e189f67728475efc67c7836
-
SHA512
3d1bc15fcee50bfdd9c9d51f19d18d7c5303531573c3dc26b4898a0d8fd8acbba840b22a8621037c81a43657b1e0cd3ab80af2edb0841f33b89df39057aa2aab
-
SSDEEP
49152:oF3T9t6GDlTH944UOCVa3tKdg9xrVdoDALV:oVTf/lrOOCVa3tTDokLV
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2