General
-
Target
9812db614a670766cd4f5264eaf571237608c0637ac75be17bdf837252adb414.exe
-
Size
3.0MB
-
Sample
241120-pylesa1pcr
-
MD5
0b64966e00b178648fb1c8b7564590f7
-
SHA1
16721634606e73db37611e13bb887aa66c90e4f3
-
SHA256
9812db614a670766cd4f5264eaf571237608c0637ac75be17bdf837252adb414
-
SHA512
17a63bd8ae1457a538c068fb574f02b50bfe7276a6a4eb0fb26682f08f9c3bf6b4c4d696eaa5fd556fa9cf5c8a78819ca03240f1e84f5b315747c915e79bd5b6
-
SSDEEP
49152:ohwYh9bXgS4xTzt3ZPfFDTjEiz7AgDVIkV/6kvLDiMNzgtjkKR/GgcMkRUtFd2G:ohwYCVfjEAAgDVIwXLDiMgxkgA2dJ
Malware Config
Extracted
lumma
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
Targets
-
-
Target
9812db614a670766cd4f5264eaf571237608c0637ac75be17bdf837252adb414.exe
-
Size
3.0MB
-
MD5
0b64966e00b178648fb1c8b7564590f7
-
SHA1
16721634606e73db37611e13bb887aa66c90e4f3
-
SHA256
9812db614a670766cd4f5264eaf571237608c0637ac75be17bdf837252adb414
-
SHA512
17a63bd8ae1457a538c068fb574f02b50bfe7276a6a4eb0fb26682f08f9c3bf6b4c4d696eaa5fd556fa9cf5c8a78819ca03240f1e84f5b315747c915e79bd5b6
-
SSDEEP
49152:ohwYh9bXgS4xTzt3ZPfFDTjEiz7AgDVIkV/6kvLDiMNzgtjkKR/GgcMkRUtFd2G:ohwYCVfjEAAgDVIwXLDiMgxkgA2dJ
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2