General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    241119-r8pajaxkaz

  • MD5

    b11035b20e183bd0d0c3e577d6f4059c

  • SHA1

    47559525b6a556d2fef4826c1ddb5c228f7534bf

  • SHA256

    a8b2a576d59a77a4ace377aaa152f004dfe8ec7cfe3b8e31c846cdf7a042f750

  • SHA512

    ee597215e8c04d110d58d90fc0892302775abc327f61d43d8590684372766e2fa7e50afb480cd71f0228de8a4b0c9d420cdca0136e05d13ebcfee590ebcc83c8

  • SSDEEP

    49152:/goNQ2506ZGbkDYyBdOZRsk3RQTRyi0ARRIYvEwdSvQO:4I5DskDYySZRskYGyRIYlSv

Malware Config

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      b11035b20e183bd0d0c3e577d6f4059c

    • SHA1

      47559525b6a556d2fef4826c1ddb5c228f7534bf

    • SHA256

      a8b2a576d59a77a4ace377aaa152f004dfe8ec7cfe3b8e31c846cdf7a042f750

    • SHA512

      ee597215e8c04d110d58d90fc0892302775abc327f61d43d8590684372766e2fa7e50afb480cd71f0228de8a4b0c9d420cdca0136e05d13ebcfee590ebcc83c8

    • SSDEEP

      49152:/goNQ2506ZGbkDYyBdOZRsk3RQTRyi0ARRIYvEwdSvQO:4I5DskDYySZRskYGyRIYlSv

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks