General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241120-d9b5pszdke
-
MD5
f3af22da807cf5c72595c605883ede37
-
SHA1
ce837c6fef442d5f397cf3b032a358b1b0eaf31d
-
SHA256
259341feaa61530a621669e04289d7800c332b31a3c3a9e9f70a1ed8e407641b
-
SHA512
58ce0a665a74c367c5389a378d81e8fe34f99e3b23b7745d128bb7894b73d757d0f67ef78942b498a682e7a1824a5f69b716a59f4a2cc1e3cba0fbe12dd3fc4d
-
SSDEEP
49152:j1ZbGmDSWPI0QyGijW3iEFKRNFtBWAcjC/a:L6JvyBCiHNFtoAcj
Malware Config
Extracted
lumma
https://p3ar11fter.sbs
https://3xp3cts1aim.sbs
https://owner-vacat10n.sbs
https://peepburry828.sbs
https://p10tgrace.sbs
https://befall-sm0ker.sbs
https://librari-night.sbs
https://processhol.sbs
https://cook-rain.sbs
Extracted
lumma
https://cook-rain.sbs/api
https://librari-night.sbs/api
https://befall-sm0ker.sbs/api
https://owner-vacat10n.sbs/api
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
f3af22da807cf5c72595c605883ede37
-
SHA1
ce837c6fef442d5f397cf3b032a358b1b0eaf31d
-
SHA256
259341feaa61530a621669e04289d7800c332b31a3c3a9e9f70a1ed8e407641b
-
SHA512
58ce0a665a74c367c5389a378d81e8fe34f99e3b23b7745d128bb7894b73d757d0f67ef78942b498a682e7a1824a5f69b716a59f4a2cc1e3cba0fbe12dd3fc4d
-
SSDEEP
49152:j1ZbGmDSWPI0QyGijW3iEFKRNFtBWAcjC/a:L6JvyBCiHNFtoAcj
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2