General
-
Target
90e6d75b1a3721d4d8138bdaabc9b53d9b504eb4d8e0200202a9cdbc3a09547c.exe
-
Size
1.8MB
-
Sample
241119-wppt6syqfw
-
MD5
6aa6f1174c848bb9c782864976f93914
-
SHA1
2af01fe8ca83acf0cf36506f20b8d651d16e25d6
-
SHA256
90e6d75b1a3721d4d8138bdaabc9b53d9b504eb4d8e0200202a9cdbc3a09547c
-
SHA512
c3c75afff0aa235f37b58d2e171c0042d8ce5e52f53f0c6dfbd262565ede02c9bc89dfa20e7a5382e654c58c52c86a79f6b62dc5c0e82f70971be417ef213ad2
-
SSDEEP
49152:AOfrkYq2DEd4PjtH2QuzyR8r1XBkqKVS3Av9hAKDByyIl:AOd9zWtvr1WqqSs9hBO
Malware Config
Extracted
lumma
https://processhol.sbs/api
https://p10tgrace.sbs/api
https://peepburry828.sbs/api
https://3xp3cts1aim.sbs/api
https://p3ar11fter.sbs/api
Targets
-
-
Target
90e6d75b1a3721d4d8138bdaabc9b53d9b504eb4d8e0200202a9cdbc3a09547c.exe
-
Size
1.8MB
-
MD5
6aa6f1174c848bb9c782864976f93914
-
SHA1
2af01fe8ca83acf0cf36506f20b8d651d16e25d6
-
SHA256
90e6d75b1a3721d4d8138bdaabc9b53d9b504eb4d8e0200202a9cdbc3a09547c
-
SHA512
c3c75afff0aa235f37b58d2e171c0042d8ce5e52f53f0c6dfbd262565ede02c9bc89dfa20e7a5382e654c58c52c86a79f6b62dc5c0e82f70971be417ef213ad2
-
SSDEEP
49152:AOfrkYq2DEd4PjtH2QuzyR8r1XBkqKVS3Av9hAKDByyIl:AOd9zWtvr1WqqSs9hBO
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-