General

Target: d20226e20ceb5d5f0440c642f10506fbdceaa23e3c598478118e46f0dd932990
Size: 2.8MB
Sample: 241120-qg66laxma1
MD5: dc20ee0ac31f3e17cbd727de4644f7aa
SHA1: 7b688e73f50ac2a4241681e996410efeec4e0775
SHA256: d20226e20ceb5d5f0440c642f10506fbdceaa23e3c598478118e46f0dd932990
SHA512: 634b7e8cb488ad49ca9b94e7311c323744eb3c430a45e1e0d077dd4c9a86c882e11a8791aef549627df8686021bc940525bdc53c231a9cdab49ceaff853e8f63
SSDEEP: 49152:aOMADD8jFx7ISH5AFYymmLhglCVGG/H0a5CXbEl1sOR42LL:ZMSD8rsSH5AFYnWKlCVz09ysORTf
Static task: static1
Behavioral task: behavioral1
Sample: d20226e20ceb5d5f0440c642f10506fbdceaa23e3c598478118e46f0dd932990.exe
Resource: win7-20240903-en
Malware Config
Extracted: lumma
Targets
- Lumma family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)