General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241119-q3lf1swgkf
-
MD5
8c469585512fabb731e4458d496577c8
-
SHA1
9b2e3747c3a710c77e4bdf1f7f3da79fa1d4212b
-
SHA256
6f3bdaea4e518baeba16aefc83352055764a04595dfdd1a3824a8b4fdc2a64d1
-
SHA512
863ffb3fd874c879b0b6952c3c74d320735a83eebdafec02e2de1fbaf643eef6fada516f23252ffb5187dd02daceacb7250ffdd36d97d4ffa44a6fea884c54a6
-
SSDEEP
49152:stQDizZCQVr9ATAsrMP87ssksD8EC+LyFZ:MMirygls1G/
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
8c469585512fabb731e4458d496577c8
-
SHA1
9b2e3747c3a710c77e4bdf1f7f3da79fa1d4212b
-
SHA256
6f3bdaea4e518baeba16aefc83352055764a04595dfdd1a3824a8b4fdc2a64d1
-
SHA512
863ffb3fd874c879b0b6952c3c74d320735a83eebdafec02e2de1fbaf643eef6fada516f23252ffb5187dd02daceacb7250ffdd36d97d4ffa44a6fea884c54a6
-
SSDEEP
49152:stQDizZCQVr9ATAsrMP87ssksD8EC+LyFZ:MMirygls1G/
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2