lumma | 847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13 | Triage

Sharing

General

Target

847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13
Size

1.7MB
Sample

241119-m5nglswaqp
MD5

3676ff6f583516d10ecac56298941ce6
SHA1

d792a3b9f438a63b26f0ed22731be259c4ebbb9c
SHA256

847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13
SHA512

a4d1fb11b3c6875e0e6ef0c7b48941e9a344157b4f138f446a331bc0002d86e2b7d63d67019b0e015e0cc2a9ecea863a82da942a1cc41136082d8448de243728
SSDEEP

24576:73FeiFqu9ka+ow+bZHdRv8jteT6dVMtgTwBr4LTh/np0rRsGOcHo0R4eEdDzguwo:ZgZZowqZzvYjVt/LNgRxOcI0R4Dzx1

Score

10^/10

lumma discovery evasion stealer

Malware Config

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Targets

- Target
  
  847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13
- Size
  
  1.7MB
- MD5
  
  3676ff6f583516d10ecac56298941ce6
- SHA1
  
  d792a3b9f438a63b26f0ed22731be259c4ebbb9c
- SHA256
  
  847f22970216b8e19935230729e3ff5f2a2224f305edb621fb44f44bab0c0a13
- SHA512
  
  a4d1fb11b3c6875e0e6ef0c7b48941e9a344157b4f138f446a331bc0002d86e2b7d63d67019b0e015e0cc2a9ecea863a82da942a1cc41136082d8448de243728
- SSDEEP
  
  24576:73FeiFqu9ka+ow+bZHdRv8jteT6dVMtgTwBr4LTh/np0rRsGOcHo0R4eEdDzguwo:ZgZZowqZzvYjVt/LNgRxOcI0R4Dzx1
Score

10^/10

lumma discovery evasion stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionstealer

behavioral2

lummadiscoveryevasionstealer