General
Target: bea260df38cb135f619d2742d0d074957ed960d50707810278d7cf8b933026b8.exe
Size: 3.0MB
Sample: 241120-qabfcaxfmm
MD5: ce847baec38969d34b52c996ee9e7fa2
SHA1: 8628b4208afc88e14a490aa328220d3e933bf99f
SHA256: bea260df38cb135f619d2742d0d074957ed960d50707810278d7cf8b933026b8
SHA512: 3d47bf7750f599b909475a0ed1ad838034b42c93dbfbd5059e5f34004d94c961b5dbb1f7ef4710dffe5521a834a0b60476aee7ba459a1f9922b1118683827d14
SSDEEP: 49152:eMbN1dfFCte+rTl4JLVJ6farG8qSu9GfUpvgXxUwevzdawHCWG8:TJFqeCTlqXoarGEfUOhQvzdawy8
Static task: static1
Behavioral task: behavioral1
Sample: bea260df38cb135f619d2742d0d074957ed960d50707810278d7cf8b933026b8.exe
Resource: win7-20241010-en
Malware Config
Extracted family: lumma
C2 URLs:
https://scriptyprefej.store
https://navygenerayk.store
https://founpiuer.store
https://necklacedmny.store
https://thumbystriw.store
https://fadehairucw.store
https://crisiwarny.store
https://presticitpo.store
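The extracted C2 list and the file hashes are the indicators a responder takes from this report. The Python below is an added example, not part of the Triage report or of the sample, that turns them into a matcher over DNS/proxy log lines: hosts are compared case-insensitively, trailing dots are tolerated, and subdomains of a C2 domain count as hits while look-alike names do not. The log lines and their four-column format are constructed for the demonstration.

```python
"""IOC matcher built from the Lumma configuration extracted above.

Added example; not part of the Triage report or the sample. The URLs and hashes
are copied from the report. The log text and its four-column format are
constructed for the demonstration (assumed format: "<ts> <src> <kind> <host>").
"""
import hashlib
import re
from typing import List, Tuple
from urllib.parse import urlparse

# C2 URLs from the extracted Lumma config (from the report).
LUMMA_C2_URLS = [
    "https://scriptyprefej.store",
    "https://navygenerayk.store",
    "https://founpiuer.store",
    "https://necklacedmny.store",
    "https://thumbystriw.store",
    "https://fadehairucw.store",
    "https://crisiwarny.store",
    "https://presticitpo.store",
]

# Hashes of the analysed sample (from the report).
SAMPLE_SHA256 = "bea260df38cb135f619d2742d0d074957ed960d50707810278d7cf8b933026b8"
SAMPLE_MD5 = "ce847baec38969d34b52c996ee9e7fa2"

C2_DOMAINS = frozenset(urlparse(u).hostname for u in LUMMA_C2_URLS)


def domain_matches(host: str) -> bool:
    """True for a C2 domain or any subdomain of one.

    Case-insensitive and tolerant of the trailing dot DNS logs often carry.
    A name that merely ends in a C2 domain's characters does not match.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<kind>\S+)\s+(?P<host>\S+)$")


def find_c2_contacts(log_text: str) -> List[Tuple[str, str]]:
    """(source, host) for every log line whose host is a Lumma C2 domain."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m and domain_matches(m.group("host")):
            hits.append((m.group("src"), m.group("host")))
    return hits


def is_known_sample(data: bytes) -> bool:
    """Compare a file's SHA-256 and MD5 with the report's hashes."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            or hashlib.md5(data).hexdigest() == SAMPLE_MD5)


# Constructed log lines; only the first and third touch a C2 domain.
SAMPLE_LOG = """\
2024-11-20T10:01:02Z 10.0.0.12 dns-query scriptyprefej.store.
2024-11-20T10:01:03Z 10.0.0.12 dns-query cdn.example.com.
2024-11-20T10:01:05Z 10.0.0.12 https-connect api.NECKLACEDMNY.store
2024-11-20T10:02:10Z 10.0.0.20 dns-query notnecklacedmny.store.
"""

if __name__ == "__main__":
    for src, host in find_c2_contacts(SAMPLE_LOG):
        print("%s contacted Lumma C2 %s" % (src, host))
```

Matching on the registered domain rather than the full URL is deliberate: the sample's config lists bare hosts, and Lumma operators rotate paths more readily than domains, so a resolver or proxy log line for any subdomain of these names is worth an alert.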
Targets
Target: bea260df38cb135f619d2742d0d074957ed960d50707810278d7cf8b933026b8.exe
Size: 3.0MB
MD5: ce847baec38969d34b52c996ee9e7fa2
SHA1: 8628b4208afc88e14a490aa328220d3e933bf99f
SHA256: bea260df38cb135f619d2742d0d074957ed960d50707810278d7cf8b933026b8
SHA512: 3d47bf7750f599b909475a0ed1ad838034b42c93dbfbd5059e5f34004d94c961b5dbb1f7ef4710dffe5521a834a0b60476aee7ba459a1f9922b1118683827d14
SSDEEP: 49152:eMbN1dfFCte+rTl4JLVJ6farG8qSu9GfUpvgXxUwevzdawHCWG8:TJFqeCTlqXoarGEfUOhQvzdawy8
- Lumma family: the extracted configuration matches the Lumma (LummaC2) information stealer.
- Identifies VirtualBox via ACPI registry values (likely anti-VM): a VirtualBox guest exposes its OEM identifier under HKLM\HARDWARE\ACPI (the DSDT, FADT and RSDT tables carry a VBOX__ subkey), and reading those keys is a common hypervisor check.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments, because values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System name the hypervisor on a stock VM.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; its presence is visible as a Software\Wine key in HKCU or HKLM.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the thread from delivering debug events, a classic anti-debugging trick. When debugging the sample, intercept or patch this call before the thread is hidden.
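The three registry-based signatures above describe artifacts a sandbox leaks to the sample. The Python below is an added example, not from the report or the sample, that re-implements those checks as a self-test for the analysis VM: run it with winreg_reader() on a Windows sandbox to see what this sample would find. The registry paths are the locations such checks commonly read, which is an assumption about what the signatures cover rather than data from the report; the reader is injectable so the logic runs off-Windows against a constructed fake registry.

```python
"""Sandbox self-check for the artifacts behind the anti-VM signatures above.

Added example, not from the report. The registry paths are the locations such
checks commonly read (an assumption about what the signatures cover, not data
from the report). The reader is injectable so the logic runs off-Windows with a
constructed fake registry; on a Windows sandbox use winreg_reader().
"""
from typing import Callable, Dict, List, Optional

# reader(hive, subkey, value_name) -> string data; "" when the key exists but the
# value does not (or no value was asked for); None when the key itself is absent.
Reader = Callable[[str, str, Optional[str]], Optional[str]]

ACPI_TABLES = ("DSDT", "FADT", "RSDT")          # VirtualBox tags these with VBOX__
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion", "SystemManufacturer")
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen")


def check_acpi_vbox(reader: Reader) -> List[str]:
    """Keys a VirtualBox guest exposes under HKLM\\HARDWARE\\ACPI."""
    hits = []
    for table in ACPI_TABLES:
        subkey = r"HARDWARE\ACPI\%s\VBOX__" % table
        if reader("HKLM", subkey, None) is not None:
            hits.append(r"HKLM\%s" % subkey)
    return hits


def check_bios_strings(reader: Reader) -> List[str]:
    """BIOS strings that name a hypervisor on a stock VM."""
    hits = []
    for name in BIOS_VALUES:
        data = reader("HKLM", r"HARDWARE\DESCRIPTION\System", name)
        if data and any(marker in data.lower() for marker in VM_MARKERS):
            hits.append("%s=%s" % (name, data))
    return hits


def check_wine(reader: Reader) -> List[str]:
    """Wine registers itself under Software\\Wine in HKCU and HKLM."""
    return [r"%s\Software\Wine" % hive for hive in ("HKCU", "HKLM")
            if reader(hive, r"Software\Wine", None) is not None]


def sandbox_artifacts(reader: Reader) -> Dict[str, List[str]]:
    """Everything a sample using these three checks would find."""
    return {
        "acpi_vbox": check_acpi_vbox(reader),
        "bios": check_bios_strings(reader),
        "wine": check_wine(reader),
    }


def dict_reader(fake: Dict) -> Reader:
    """Reader over {(hive, subkey_lowercase): {value_name: data}} for testing."""
    def read(hive: str, subkey: str, name: Optional[str]) -> Optional[str]:
        values = fake.get((hive.upper(), subkey.lower()))
        if values is None:
            return None
        return "" if name is None else values.get(name, "")
    return read


def winreg_reader() -> Reader:
    """Reader over the live registry; importable only on Windows."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def read(hive: str, subkey: str, name: Optional[str]) -> Optional[str]:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                if name is None:
                    return ""
                try:
                    data, _ = winreg.QueryValueEx(key, name)
                except FileNotFoundError:
                    return ""
                # REG_MULTI_SZ comes back as a list of strings.
                return " ".join(data) if isinstance(data, list) else str(data)
        except FileNotFoundError:
            return None
    return read


# Constructed fake registry resembling a stock VirtualBox guest (not real data).
FAKE_VBOX_GUEST = {
    ("HKLM", r"hardware\acpi\dsdt\vbox__"): {},
    ("HKLM", r"hardware\acpi\fadt\vbox__"): {},
    ("HKLM", r"hardware\description\system"): {
        "SystemBiosVersion": "VBOX - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox Version 7.0.0",
    },
}

if __name__ == "__main__":
    for category, found in sandbox_artifacts(dict_reader(FAKE_VBOX_GUEST)).items():
        print(category, found or "clean")
```

A clean result from sandbox_artifacts(winreg_reader()) does not mean the sample will run: this covers only the three registry checks the report names, and the NtSetInformationThread call is a separate anti-debugging measure that no registry change addresses.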