General
-
Target
6e2b1ee5f03b5cc5117b10f8436ae0b716c0e2c7f3accf3d97928a322bf71e9e
-
Size
2.8MB
-
Sample
241120-p6zx5swhng
-
MD5
3f075d8a80c2881d26355e63cc367019
-
SHA1
83af9a52025eee9430b93e7efc1d9a039b81985f
-
SHA256
6e2b1ee5f03b5cc5117b10f8436ae0b716c0e2c7f3accf3d97928a322bf71e9e
-
SHA512
339f6e25bfacbfcb001cd95457a41689536af710c18958c6cc757237d48dabb0bc9c219a0df78f49adb75fbc4ca15231a9db8c0b25b647d917370ca944d0cd9e
-
SSDEEP
49152:3cdlTQk6/xjnE6BFW5FRj1O7zhswsc//Cg8wHW05OLv3:ITQt/xjnE6BFW5fBIzhswsc//Cg82l+
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
6e2b1ee5f03b5cc5117b10f8436ae0b716c0e2c7f3accf3d97928a322bf71e9e
-
Size
2.8MB
-
MD5
3f075d8a80c2881d26355e63cc367019
-
SHA1
83af9a52025eee9430b93e7efc1d9a039b81985f
-
SHA256
6e2b1ee5f03b5cc5117b10f8436ae0b716c0e2c7f3accf3d97928a322bf71e9e
-
SHA512
339f6e25bfacbfcb001cd95457a41689536af710c18958c6cc757237d48dabb0bc9c219a0df78f49adb75fbc4ca15231a9db8c0b25b647d917370ca944d0cd9e
-
SSDEEP
49152:3cdlTQk6/xjnE6BFW5FRj1O7zhswsc//Cg8wHW05OLv3:ITQt/xjnE6BFW5fBIzhswsc//Cg82l+
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-