Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    241120-fe4mkssbnj

  • MD5

    da34a8db8db4252e95bdc8dbc2eb410a

  • SHA1

    7785a0d178ba83dde1d963578850e6bea445bcec

  • SHA256

    dafe6099caf5b870b82a5b51cb2cbd735cc4f36b685bee614b2fe9616b8bc2d7

  • SHA512

    ac5212fb8517f9571c54fd5dd65c4fd458bf376dfb2f1c2a164edc8eb8aee077ee46df176a4c36b74d48411c9f38ada1a5584bddb21037d646311974b6f108e4

  • SSDEEP

    49152:S4m8M1zzLC4QiPO/itKSlQCIxxTSo+xoRZrHLoce4KdOj6M:fS8mQC2WoRZT+5dO9

Score
10/10
lummadiscoveryevasionstealer

Malware Config

Extracted

Family

lumma

C2

https://p3ar11fter.sbs

https://3xp3cts1aim.sbs

https://owner-vacat10n.sbs

https://peepburry828.sbs

https://p10tgrace.sbs

https://befall-sm0ker.sbs

https://librari-night.sbs

https://processhol.sbs

https://cook-rain.sbs

Extracted

Family

lumma

C2

https://cook-rain.sbs/api

https://librari-night.sbs/api

https://befall-sm0ker.sbs/api

https://owner-vacat10n.sbs/api

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      da34a8db8db4252e95bdc8dbc2eb410a

    • SHA1

      7785a0d178ba83dde1d963578850e6bea445bcec

    • SHA256

      dafe6099caf5b870b82a5b51cb2cbd735cc4f36b685bee614b2fe9616b8bc2d7

    • SHA512

      ac5212fb8517f9571c54fd5dd65c4fd458bf376dfb2f1c2a164edc8eb8aee077ee46df176a4c36b74d48411c9f38ada1a5584bddb21037d646311974b6f108e4

    • SSDEEP

      49152:S4m8M1zzLC4QiPO/itKSlQCIxxTSo+xoRZrHLoce4KdOj6M:fS8mQC2WoRZT+5dO9

    Score
    10/10
    lummadiscoveryevasionstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks